Seattle | September 16-17, 2019
Containerizing IT Security Knowledge
KRISTÓF TÓTH
Something is wrong with security
• 3 billion Yahoo accounts hacked (2016)
• Marriott breach leaks data of 500 million guests (2018)
• Facebook hack leaves 540 million accounts exposed (2019)
• This doesn’t seem right...
Why are we failing?
• The number of programmers is doubling every few years
• ITSec training is still a curiosity at many universities
• Generations of engineers without a proper background in security
• Education is the missing link
Tutorial Framework – What?
• Helps you create interactive learning environments
• Automatically guides the user through topics ...
• ... by making them interact with real software
• A hybrid of training videos and hacking labs
• Accessible through a browser
• Package & ship the whole thing in containers
• TL;DR hacking labs on crack
Tutorial demo
What is the value?
• “Smart security sandboxes”
• Self-guided learning without previous knowledge
• Learn by experimenting with real software
• Hands-on experience without a learning curve
It’s for you!
• For trainers & teachers
• For students & professionals
• For the community
• Fast & easy development
• No proprietary software involved, all open source
• Independent of the Avatao platform, but allows easy integration
You get a set of useful components
• State tracking
• An IDE, console and terminal
• Chat to communicate with the user
• Process management, live logs
• And more ...
How it works
• Multiple processes running in a container (tini + supervisord)
• Nginx serving an Angular SPA
• Custom IPC daemon
  • Used for RPC and event advertisement
  • Connected to processes over ZeroMQ
  • Connected to frontend over WebSockets
IPC daemon
• Simple JSON based message format
• Used for RPC and event advertisement
• Routes messages between ZeroMQ & WebSockets
• Processes can connect to it via:
  • ZeroMQ sockets
  • POSIX named pipes
  • ...
How do you use it?
• Built-in components use our messaging daemon to communicate
• You can control them via a simple JSON API
• They broadcast relevant events
• Fill a container with the software you need and instrument TFW
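The routing described on the "IPC daemon" and "How do you use it?" slides, sketched as an added example; it is not code from the talk or from the TFW repositories. The envelope field `key`, key names such as `terminal.write`, the size limit and the frontend allow-list are assumptions for illustration, and in-memory lists stand in for the ZeroMQ and WebSocket transports.

```python
import json
from collections import defaultdict

MAX_MESSAGE_BYTES = 64 * 1024  # assumed size limit, not taken from the slides


class MessageError(ValueError):
    """Raised when a message is rejected before it is routed."""


def parse_message(raw):
    """Decode one JSON message and check the assumed envelope:
    a JSON object carrying a non-empty string "key"."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise MessageError("message too large")
    try:
        msg = json.loads(raw)
    except ValueError as exc:  # JSONDecodeError and invalid UTF-8
        raise MessageError("not valid JSON") from exc
    if not isinstance(msg, dict):
        raise MessageError("message must be a JSON object")
    key = msg.get("key")
    if not isinstance(key, str) or not key:
        raise MessageError('message needs a non-empty string "key"')
    return msg


class Router:
    """Routes messages between the frontend side and the process side.

    Handlers subscribe by key prefix, which mirrors how ZeroMQ SUB
    sockets filter topics. Frontend messages cross a trust boundary,
    so only allow-listed key prefixes are accepted from that side."""

    def __init__(self, frontend_allowed_prefixes):
        self._allowed = tuple(frontend_allowed_prefixes)
        self._subscribers = defaultdict(list)  # prefix -> handlers
        self.to_frontend = []  # stand-in for the WebSocket send queue

    def subscribe(self, prefix, handler):
        self._subscribers[prefix].append(handler)

    def _deliver(self, msg):
        delivered = 0
        for prefix, handlers in self._subscribers.items():
            if msg["key"].startswith(prefix):
                for handler in handlers:
                    handler(msg)
                    delivered += 1
        return delivered

    def from_frontend(self, raw):
        """RPC direction: browser -> processes. Returns handlers reached."""
        msg = parse_message(raw)
        if not msg["key"].startswith(self._allowed):
            raise MessageError("key not allowed from frontend: " + msg["key"])
        return self._deliver(msg)

    def from_process(self, raw):
        """Event direction: a process advertises an event to everyone."""
        msg = parse_message(raw)
        self.to_frontend.append(json.dumps(msg))
        return self._deliver(msg)


def demo():
    """Run constructed sample messages through the router."""
    router = Router(frontend_allowed_prefixes=["terminal.", "ide."])
    seen = []
    router.subscribe("terminal.", seen.append)
    router.subscribe("process.", seen.append)

    rpc = router.from_frontend('{"key": "terminal.write", "data": "ls\\n"}')
    event = router.from_process(b'{"key": "process.log", "line": "started"}')

    rejected = []
    for raw in ('{"key": "process.restart"}',  # not allow-listed for frontend
                '["terminal.write"]',          # not an object
                '{"key": 7}',                  # key is not a string
                'not json'):
        try:
            router.from_frontend(raw)
        except MessageError as exc:
            rejected.append(str(exc))
    return {"rpc": rpc, "event": event, "seen": seen,
            "to_frontend": router.to_frontend, "rejected": rejected}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```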
Framework demo
Giving back to the community
• Where can I get it?
• Licensed under the GNU LGPLv3
• Available on GitHub:
  • github.com/avatao-content/baseimage-tutorial-framework
  • github.com/avatao-content/frontend-tutorial-framework
  • github.com/avatao-content/test-tutorial-framework
Thank you for listening!
Questions?

 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 

DevSecCon Seattle 2019: Containerizing IT Security Knowledge

  • 1. Seattle | September 16-17, 2019 Containerizing IT Security Knowledge KRISTÓF TÓTH
  • 2. Something is wrong with security
      • 3 billion Yahoo accounts hacked (2016)
      • Marriott breach leaks data of 500 million guests (2018)
      • Facebook hack leaves 540 million accounts exposed (2019)
      • This doesn’t seem right...
  • 3. Why are we failing?
      • The number of programmers is doubling every few years
      • ITSec training is still a curiosity at many universities
      • Generations of engineers without a proper background in security
      • Education is the missing link
  • 4. Tutorial Framework – What?
      • Helps you create interactive learning environments
      • Automatically guide the user through topics ...
      • ... by making them interact with real software
      • A hybrid of training videos and hacking labs
      • Accessible through a browser
      • Package & ship the whole thing in containers
      • TL;DR hacking labs on crack
  • 5. Tutorial demo
  • 6. What is the value?
      • “Smart security sandboxes”
      • Self-guided learning without previous knowledge
      • Learn by experimenting with real software
      • Hands-on experience without a learning curve
  • 7. It’s for you!
      • For trainers & teachers
      • For students & professionals
      • For the community
      • Fast & easy development
      • No proprietary software involved, all open source
      • Independent of the Avatao platform, but allows easy integration
  • 8. You get a set of useful components
      • State tracking
      • An IDE, console and terminal
      • Chat to communicate with user
      • Process management, live logs
      • And more ...
  • 9. How it works
      • Multiple processes running in a container (tini + supervisord)
      • Nginx serving an Angular SPA
      • Custom IPC daemon
      • Used for RPC and event advertisement
      • Connected to processes over ZeroMQ
      • Connected to frontend over WebSockets
  • 10. IPC daemon
      • Simple JSON-based message format
      • Used for RPC and event advertisement
      • Routes messages between ZeroMQ & WebSockets
      • Processes can connect to it via:
          • ZeroMQ sockets
          • POSIX named pipes
          • ...
  • 11. IPC daemon
  • 12. How do you use it?
      • Built-in components use our messaging daemon to communicate
      • You can control them via a simple JSON API
      • They broadcast relevant events
      • Fill a container with the software you need and instrument TFW
  • 13. Framework demo
  • 14. Giving back to the community
      • Where can I get it?
      • Licensed under the GNU LGPLv3
      • Available on GitHub:
          • github.com/avatao-content/baseimage-tutorial-framework
          • github.com/avatao-content/frontend-tutorial-framework
          • github.com/avatao-content/test-tutorial-framework
  • 15. Thank you for listening! Questions?
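
The routing role described on the IPC daemon slides, as an added sketch that is not the Tutorial Framework's own code: JSON messages are validated, then passed between the process side and the browser side, with the browser limited to an allowlist of keys. The `key` field, the key names, the size cap and the allowlist are assumptions made for illustration, and in-memory callbacks stand in for the ZeroMQ and WebSocket connections.

```python
import json

MAX_MESSAGE_BYTES = 64 * 1024  # assumed cap, not from the slides

class Router:
    """In-memory stand-in for the daemon; callbacks replace real sockets."""
    def __init__(self, frontend_allowed_prefixes):
        self.subscribers = []  # (key prefix, side, callback)
        self.frontend_allowed = tuple(frontend_allowed_prefixes)

    def subscribe(self, prefix, side, callback):
        self.subscribers.append((prefix, side, callback))

    @staticmethod
    def parse(raw):
        if len(raw) > MAX_MESSAGE_BYTES:
            raise ValueError("message too large")
        msg = json.loads(raw)  # JSONDecodeError is a ValueError
        if not isinstance(msg, dict) or not isinstance(msg.get("key"), str):
            raise ValueError("message must be an object with a string 'key'")
        return msg

    def route(self, raw, source):
        """Route a message from 'frontend' or 'process' to the other side."""
        msg = self.parse(raw)
        # The browser side is untrusted: it may only send allowlisted keys.
        if source == "frontend" and not msg["key"].startswith(self.frontend_allowed):
            raise PermissionError("frontend may not send " + msg["key"])
        targets = [cb for prefix, side, cb in self.subscribers
                   if side != source and msg["key"].startswith(prefix)]
        for callback in targets:
            callback(msg)
        return len(targets)

def demo():
    """Constructed messages; all key names are made up for illustration."""
    router = Router(frontend_allowed_prefixes=["terminal."])
    to_process, to_frontend = [], []
    router.subscribe("terminal.", "process", to_process.append)
    router.subscribe("state.", "frontend", to_frontend.append)
    results = [router.route('{"key": "terminal.write", "text": "ls"}', "frontend"),
               router.route('{"key": "state.changed", "step": 2}', "process")]
    for raw, source in [('{"key": "process.restart"}', "frontend"),
                        ('["no", "key"]', "process")]:
        try:
            router.route(raw, source)
        except (PermissionError, ValueError) as exc:
            results.append(type(exc).__name__)
    return results, to_process, to_frontend
```

`demo()` routes one RPC-style message from the browser side and one event from the process side, then shows a disallowed key and a malformed message being rejected before any subscriber sees them.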