NGINX DevSecOps Workshop

•

0 gefällt mir•186 views

This document provides an agenda and overview for an NGINX App Protect workshop. It includes: 1. An overview of NGINX and its application platform capabilities for developing and delivering digital experiences. 2. A demonstration and overview of the hands-on lab where attendees can get experience with NGINX App Protect. 3. The hands-on lab itself which attendees participate in for a live experience securing applications with NGINX App Protect.

Technologie

NGINX
App Protect
DevOps
Workshop
Jesse Goodier
NGINX Solutions Architect
November 4, 2020

2
Agenda
1. NGINX Overview
2. Demo and overview of lab
3. Hands-on lab

NGINX
Application
Platform
A suite of technologies to
develop and deliver digital
experiences that span from
legacy, monolithic apps to
modern, microservices apps.

ENTERPRISE SOLUTIONS WITH DYNAMIC MODULES
• Enterprise class visibility with 90+ additional
metrics
• JWT Authentication
• Native OpenID Connect support
• Active health checks on status code
and response body
• Service discovery using DNS
• Key value store (dynamic IP black-listing,
blue/green deployments)
• Dynamic reconfiguration—zero downtime
• Session persistence based on cookie
NGINX Plus

New From F5!
NGINX App Protect
 High performing
 Security protection beyond signatures
 Trusted Signatures from F5
 Simple CI/CD integration
 Designed for modern infrastructures
 Rapid feedback loop for security remediations
 Unified F5 declarative interface
 Security statistics via syslog
 Backed by F5 Support
Manage
CI/CD
Friendly
Secure

Declarative Policy Helps CI/CD Motion
INFRASTRUCTURE AND SECURITY AS CODE
Source Code Repository CI/CD Pipeline Tool IT Automation
Application code/config for App X
security policy/config for App X
Pipeline for build/test/deploy of App X
Ansible playbook for deployment
of App X with its app services
Owned by SecOps Operated by DevOps
{
"entityChanges": {
"type": "explicit"
},
"entity": {
"name": "bak"
},
"entityKind":
"tm:asm:policies:filetypes:filetypestate",
"action": "delete",
"description": "Delete Disallowed File Type"
}

NGINX App Protect Performance
0
0.5
1
1.5
2
2.5
Throughput (MB/sec)
No Protection NGINX App Protect ModSec
0
2000
4000
6000
8000
10000
12000
14000
Requests/sec
No Protection NGINX App Protect ModSec
0
100
200
300
400
500
600
700
800
Latency (ms)
No Protection NGINX App Protect ModSec
Comprehensive security policy has no impact on latency, and offers better throughput and
requests/second when compared to ModSec
• ModSec Configuration: OWASP Top 10 (enable all CRS 3v rules)
• NGINX App Protect Configuration: OWASP Top 10 (Enable signatures), Evasion technique, Data Guard, Disallowed file types,
HTTP protocol compliance

11
• NGINX commonly used as Ingress
Controller
• Dynamic reconfiguration of endpoints
(no configuration reloading)
• Additional metrics, provided by a
streamlined Prometheus exporter
• Dedicated Helm chart repository
• Support for Custom resources to expose
more (all) NGINX Plus features as an
Ingress
An advanced Layer 7 load-balancing solution for exposing Kubernetes services
to the Internet
Kubernetes Ingress Controller

CONFIDENTIAL
Kubernetes Ingress Controllers
https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/nginx-ingress-controllers.md

14
Hands-On Workshop
To launch the lab, go to https://udf.f5.com and look for NGINX Workshop.
Use chat or come off mute if you have any questions and we can help you in a breakout room.
If you do not see the workshop listed on UDF, please send us your email and the system will send
you an invitation.
We are here to help.
Login to windows jump host as user/user
use web shell
su ubuntu
cd
<ctrl><shift>v to paste on windows

Weitere ähnliche Inhalte

Was ist angesagt?

Kubernetes and the NGINX Plus Ingress Controller

Katherine Bagood

On-demand Link https://www.nginx.com/resources/webinars/kubernetes-nginx/ About the Webinar Many enterprises are adopting Kubernetes at breakneck speed as part of their DevOps‑centric digital transformation initiative. And yet the rise of DevOps in no way reduces the role of NetOps teams, who still have responsibility for the operation of the entire platform and its enterprise-wide application services. NetOps’s control of these global‑scale services is still vital to deploying stable and secure aps. In fact, where both NetOps and DevOps have an interest in an application service such as ADC or WAF, we often see duplication of that service. This is not an inefficiency, but rather reflects the differing needs and goals of the parties as they each make use of that service. In this webinar we explore the benefits of duplicating application services inside Kubernetes and look at some well‑established practices for deploying services such as WAF for applications that are running in Kubernetes, including trade‑offs between different options and the criteria that matter most to help you make the best decisions. Our presenters will also provide a demo of how to use NGINX Ingress Controller to provision NGINX App Protect in Red Hat OpenShift.

Get the Most Out of Kubernetes with NGINX

NGINX, Inc.

How to Get Started With NGINX

NGINX, Inc.

In this episode, we will touch on a hot buzzword to any person who is managing or exploring microservices infrastructures: Kubernetes! In a nutshell and by Google’s definition, Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. Today, we will explore through live follow-the-trainer demos how to deploy Kubernetes ingress policies in different levels, and I will show how to deploy ingress as edge API gateway by applying security policies.

API Workloads on Kubernetes | Show Code Part 4

NGINX, Inc.

NGINX powers over half of the world’s busiest sites and applications. Attend this NGINX Basics webinar to hear answers to questions about NGINX and NGINX Plus. https://www.nginx.com/resources/webinars/nginx-basics-ask-anything-emea/ Watch this webinar to: - The answers to your questions on NGINX - About how others use NGINX and NGINX Plus - About common application delivery design patterns - Key insights from the presenter' more than 20 years of industry experience

NGINX Basics: Ask Me Anything – EMEA

NGINX, Inc.

NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller

Katherine Bagood

Speaker: Karthik Krishnaswamy, Sr Product Marketing Manager NGINX, Inc. About the Webinar Technology is revolutionizing our lives – we hail cabs, order food, and stream video right from apps on our mobile devices. At the heart of this disruption are enterprises that embrace digital transformation – according to a survey from IDC sponsored by NGINX, 75% of businesses will have completed their digital transformation by 2030. To support digital transformation, enterprises are modernizing their applications and underlying infrastructure by adopting a variety of processes and new technologies such as DevOps, cloud, open source, and microservices. Software load balancing is central to accelerating digital transformation efforts. That’s where NGINX comes in – it’s a lightweight, flexible and portable load balancer that helps you gain agility and simplifies your architecture In this webinar we cover how to gracefully migrate your BIG-IP deployment to NGINX, the ADC built for modern applications.

Migrating from BIG-IP Deployment to NGINX ADC

NGINX, Inc.

Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP

Olivia LaMar

On-Demand Link: https://www.nginx.com/resources/webinars/nginx-101-web-traffic-encryption-ssl-tls/ 85% of all web traffic is encrypted. This now standard practice helps ensure that data (sensitive or not) sent over the Internet remains private and out of the hands of eavesdroppers and hackers. But how do you encrypt traffic? The answer is with SSL/TLS, an encryption protocol that protects Internet communication. Join this NGINX 101 foundational webinar to learn more about the importance of and best practices for encrypting your web, application, and API traffic. Our presenters show you how to create or procure a certificate to ensure transactions are authenticated, as well as demo how straightforward it is to encrypt and secure your web traffic using NGINX. We also answer attendee questions about NGINX and encryption. Robert Haynes Technical Marketing Manager F5

NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX

NGINX, Inc.

Speakers: Alan Murphy, Regional Solution Architect for APAC NGINX, Inc. Karthik Krishnaswamy, Senior Product Marketing Manager at NGINX, Inc. About the webinar Deploying and managing applications at scale always presents challenges. Infrastructure has to be configured and provisioned quickly across multiple public and private clouds. There’s ever-increasing pressure to maintain reliability, performance, and availability of business applications across this disparate infrastructure. Easy workflows for infrastructure and DevOps, as well as self-service management capabilities for developers, are needed to accelerate application deployment. The result? Enterprises are able to innovate and bring apps to market faster. That’s where NGINX Controller comes in. Controller helps users manage multiple NGINX instances at scale with centralized configuration, monitoring, alerting, and troubleshooting.

NGINX Controller: Configuration, Management, and Troubleshooting at Scale

NGINX, Inc.

Découvrez NGINX AppProtect

NGINX, Inc.

Building and deploying cloud native APIs is a complex operation, and can require a multitude of components. In this workshop we focus on the fundamentals of deploying the runtime API code and publishing the API through an API gateway. To achieve this we use NGINX Unit as a polyglot application server and NGINX web server as an API gateway. With this combination we deliver a solution lightweight enough for dev and strong enough for production. You will learn how to use NGINX Unit to run one or more apps and APIs in a variety of languages, including seamlessly deploying new versions. You will then see the best practices for how to configure NGINX to perform the common API gateway functions of request routing, rate limiting, and authentication for multiple APIs. We will also touch on advanced use cases such as HTTP method enforcement, and JSON validation. No previous experience of NGINX or NGINX Unit is required, but a basic knowledge of HTTP and JSON/REST APIs is valuable.

Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...

NGINX, Inc.

On-Demand Link: https://www.nginx.com/resources/webinars/api-gateway-use-cases-for-kubernetes/ About the Webinar Two app modernization trends – APIs and Kubernetes – have reached a critical adoption point where many organizations are now seeking to deliver APIs using Kubernetes. As with the containerization of applications, this strategy requires organizations to figure out how to deliver APIs quickly and safely. For traditional applications, the solution is a load balancer or ADC which routes API requests from a client to the appropriate services – in other words, an API gateway. But with Kubernetes come different ways to deliver both apps and APIs, which have in turn spawned two new traffic management tools: the Ingress controller and service mesh. Organizations are left with the question “Which tool should I use to deliver API gateway functionality in Kubernetes?” In this webinar, we help you answer that question by looking at the unique needs of containerized APIs (and their owners), sharing common use cases that can be solved with Kubernetes tools, and discussing what you can do to modernize your APIs for the Kubernetes era.

API Gateway Use Cases for Kubernetes

NGINX, Inc.

About the Webinar Red Hat OpenShift is a supported and certified mechanism for deploying the NGINX Plus Ingress Controller for Kubernetes with point-and-click installation and automatic upgrades. You can leverage the Operator Lifecycle Manager (OLM) to perform installation, upgrade, and configuration of the NGINX Ingress Operator. In this webinar, you’ll learn how to get started with the Operator, and explore the benefits of using the NGINX Plus Ingress Controller for Kubernetes.  On-Demand Link: https://www.nginx.com/resources/webinars/ingress-load-balancing-nginx-openshift/

Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...

NGINX, Inc.

About the Webinar In this webinar we demonstrate how to implement effective security controls for your application infrastructure, without impacting release velocity or application performance. Join Chris Witeck and Rajiv Kapoor as they showcase NGINX App Protect and the upcoming security capabilities within NGINX Controller, with specific business use cases in mind. On-Demand Link: https://www.nginx.com/resources/webinars/application-security-nginx/

Application Security with NGINX

NGINX, Inc.

Production-Grade Kubernetes With NGINX Ingress Controller

NGINX, Inc.

NGINX Unit at Scale: Use Cases and the Future of Unit

NGINX, Inc.

Hybrid and multi-cloud architectures are becoming the expected standard for architecture teams to buildout and for operations teams to maintain and deploy. Ever faster DevOps workflows are now an expectation for any digital enterprise, not a goal. And the code DevOps teams are pushing out is typically now packaged in containers, creating an increasingly distributed application landscape. So how can organizations still practice effective application security policy without impacting or crippling their modernization initiatives? NGINX can help with that. These slides will cover: NGINX Plus as an integrated, cloud-native Load Balancer and API Gateway in NGINX Plus NGINX App Protect as the new cloud-native WAF extension for NGINX Plus Demo of both working in tandem to set: Edge routing policy Edge Security Policy And Extending down to Granular, Per-App Security Policy

Securing Your Apps & APIs in the Cloud

Olivia LaMar

On-Demand Link: https://www.nginx.com/resources/webinars/fundamentals-microservices/ About the Webinar Despite powering some of the most popular apps on the planet, microservices – including containers and Kubernetes – are still a mystery to many. Microservices is both an approach to software architecture that builds a large, complex apps from multiple small components and the term for the small components themselves. In this “Microservices 101” webinar, you’ll get an introduction to microservices that will give you a working understanding of the technologies: Monolithic, microservices, and hybrid architectures Containers and Kubernetes Ingress controllers and service meshes

Fundamentals of microservices

NGINX, Inc.

Securing k8s With Kubernetes Goat

Muhammad Yuga Nugraha

Was ist angesagt? (20)

Kubernetes and the NGINX Plus Ingress Controller

Get the Most Out of Kubernetes with NGINX

How to Get Started With NGINX

API Workloads on Kubernetes | Show Code Part 4

NGINX Basics: Ask Me Anything – EMEA

NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller

Migrating from BIG-IP Deployment to NGINX ADC

Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP

NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX

NGINX Controller: Configuration, Management, and Troubleshooting at Scale

Découvrez NGINX AppProtect

Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...

API Gateway Use Cases for Kubernetes

Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...

Application Security with NGINX

Production-Grade Kubernetes With NGINX Ingress Controller

NGINX Unit at Scale: Use Cases and the Future of Unit

Securing Your Apps & APIs in the Cloud

Fundamentals of microservices

Securing k8s With Kubernetes Goat

Ähnlich wie NGINX DevSecOps Workshop

VMworld 2014: Introduction to NSX

VMworld

In a joint webinar with Traefik Labs, we show how Traefik Hub, a SaaS-based cloud native networking platform, helps you publish your containers securely in seconds with tunnels, OIDC authentication and automated TLS certificate management. And, how you can combine that with Weave GitOps to achieve continuous application delivery using progressive delivery strategies for risk-free and reliable deployments. Security is key, so we showcase multi-tenancy for full RBAC across the different deployment stages, and trusted delivery best practices for continuous security and compliance baked in. Learn how: - To utilize canary deployments for reliable and risk-free application deployments. - GitOps lets you automate and secure the publishing of containers at the edge consistently. - Easy it is to deploy, update and manage your application workloads on Kubernetes. - To publish containers securely using tunnels, OIDC authentication and TLS certificate management.

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...

Weaveworks

This session covers the solution addressing the needs of enabling product-grade containerized applications. You will learn how operations teams running containerized applications in a shared infrastructure can define and enforce policies to provide security, monitoring, and performance for network, storage, and computing. You will learn about Contiv and Mantl, open source projects that create a framework for cloud native application development and infrastructure with application intent and operational policies. Contiv integrates Cisco infrastructure (UCS, Nexus, and ACI) with Docker Datacenter to help enterprises adopt containers at a larger scale.

Enabling Production Grade Containerized Applications through Policy Based Inf...

Docker, Inc.

7 Security Requirements to Accelerate Cloud Adoption

ProtectWise

Check Point vSEC for Microsoft Azure Webinar

Check Point Software Technologies

Nginx app protect-for-meetup-v1.0-202006_lk

Juraj Hantak

IBM Multicloud Management on theOpenShift Container Platform

Michael Elder

This was presented by Steven Thwaites, Technical Solutions Engineer at Docker at Cloud Expo Asia. Docker is the only Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructure, both on-premises and in the cloud. It covers topics like: VMs vs Containers The Docker Ecosystem How to Build and Ship your Docker Image Unique Advantages with Docker EE and more

Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...

Ashnikbiz

Nsx security deep dive

solarisyougood

DevOps e a transformação digital de aplicações

Ramon Durães

Cncf checkov and bridgecrew

LibbySchulze

Windows 7 by microsoft

Kenneth Endfinger

Pivotal Container Service (PKS) at SF Cloud Foundry Meetup

cornelia davis

HCL BigFix - DNUG Stammtisch Salzburg

DNUG e.V.

Lock it Down with Nutanix Security

NEXTtour

How APIs are Transforming Cisco Solutions and Catalyzing an Innovation Ecosystem

Cisco DevNet

Devops phase-1

G R VISHAL

This deck is a simple primer on the importance of web application uptime and performance today, and outlines the fundamental building blocks of how to achieve performance, reliability, security, and scale for your apps and sites. It provides a checklist of considerations for deploying your application, including specific highlights of how NGINX's application delivery software supports these capabilities. This material is intended for developers and application owners who are relatively new to application delivery techniques, but are looking to understand how to improve the user experience and revenue generation from their applications.

Flawless Application Delivery with NGINX Plus

Peter Guagenti

On-demand version can be accessed at https://www.nginx.com/resources/webinars/microservices-secure-inter-service-communication/ Microservices architectures move inter-service communication from computer memory onto local area networks or even the Internet, making security a critical concern. The microservices network architectures designed by NGINX, freely available on GitHub, include two different implementations of a service mesh; the Router Mesh model and the Fabric Model, which features secure communication between microservices inside out. In this webinar we discuss how various approaches to securing your applications differ, starting with the NGINX Microservices Reference Architecture (MRA). We show how the MRA compares to other microservices architectures such as Istio and linkerd.

MRA AMA Part 8: Secure Inter-Service Communication

NGINX, Inc.

VMworld 2016: Advanced Network Services with NSX

VMworld

Ähnlich wie NGINX DevSecOps Workshop (20)

VMworld 2014: Introduction to NSX

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...

Enabling Production Grade Containerized Applications through Policy Based Inf...

7 Security Requirements to Accelerate Cloud Adoption

Check Point vSEC for Microsoft Azure Webinar

Nginx app protect-for-meetup-v1.0-202006_lk

IBM Multicloud Management on theOpenShift Container Platform

Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...

Nsx security deep dive

DevOps e a transformação digital de aplicações

Cncf checkov and bridgecrew

Windows 7 by microsoft

Pivotal Container Service (PKS) at SF Cloud Foundry Meetup

HCL BigFix - DNUG Stammtisch Salzburg

Lock it Down with Nutanix Security

How APIs are Transforming Cisco Solutions and Catalyzing an Innovation Ecosystem

Devops phase-1

Flawless Application Delivery with NGINX Plus

MRA AMA Part 8: Secure Inter-Service Communication

VMworld 2016: Advanced Network Services with NSX

Mehr von NGINX, Inc.

【NGINXセミナー】　Ingressを使ってマイクロサービスの運用を楽にする方法

NGINX, Inc.

【NGINXセミナー】 NGINXのWAFとは？その使い方と設定方法　解説セミナー

NGINX, Inc.

【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法

NGINX, Inc.

Get Hands-On with NGINX and QUIC+HTTP/3

NGINX, Inc.

Kubecost and NGINX have recently partnered together to provide a more comprehensive solution for managing cost and performance when deploying Kubernetes. The Kubecost platform helps organizations optimize and monitor their Kubernetes costs, while NGINX is a leading open source software web server, reverse proxy and ingress controller. Together, they offer a powerful combination of cost optimization and application delivery capabilities, enabling you to gain greater visibility into your Kubernetes environments and achieve better performance and efficiency. On-Demand Link https://www.nginx.com/resources/webinars/managing-kubernetes-cost-performance-with-nginx-kubecost/

Managing Kubernetes Cost and Performance with NGINX & Kubecost

NGINX, Inc.

Manage Microservices Chaos and Complexity with Observability

NGINX, Inc.

Managing a microservice application means managing numerous moving parts, where changes to one container can have a negative impact on another and potentially bring down the entire application. With automation you can streamline the validation of containers and standardize deployment, and ensure your apps are updated correctly and securely. Join this session to learn: • How to use GitHub Actions to streamline your processes • About managing security • Why automation simplifies quick recovery from failure

Accelerate Microservices Deployments with Automation

NGINX, Inc.

Unit 2: Microservices Secrets Management 101

NGINX, Inc.

Unit 1: Apply the Twelve-Factor App to Microservices Architectures

NGINX, Inc.

NGINX基本セミナー（セキュリティ編）～NGINXでセキュアなプラットフォームを実現する方法！

NGINX, Inc.

Organizations typically use between 200 and 1,000 applications, many of them public facing and a direct gateway to customers and their data. While these apps enable critical functions, they’re also a common target for bad actors. A web application firewall (WAF) is a critical tool for securing apps by providing protection, detection, and mitigation against vulnerabilities and attacks. However, WAFs can be difficult to maintain and manage at scale. In this webinar, we explore how centralized visibility and configuration management of WAFs can decrease risk and save time.

Easily View, Manage, and Scale Your App Security with F5 NGINX

NGINX, Inc.

NGINXセミナー（基本編）～いまさら聞けないNGINXコンフィグなど基本がわかる！

NGINX, Inc.

With advancing technology and the ever-evolving landscape of cybercrime, it is more important today than ever to reduce file-borne attacks, secure encrypted traffic, and protect your networks. In this webinar, we discuss the latest developments in the threat landscape, why shared responsibility matters for critical infrastructure, and how you can mitigate future threat vectors with the F5 NGINX Plus Certified Module from OPSWAT.

Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX

NGINX, Inc.

In this hands-on demo and lab, we take you step-by-step through installing NGINX Unit on a Linux system, then configuring it as an app server, web server, and reverse proxy. Following a short review of production features and demo of the lab environment, we let you loose in a disposable lab environment to try NGINX Unit for yourself. During the lab, we’re available online to answer questions or demo anything you might be stuck on.

Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...

NGINX, Inc.

Kubernetes has become the platform of choice for deploying modern applications. A Web Application Firewall (WAF) is the most common solution to providing run-time protection for applications (well, second most common, after blind -faith and protective amulets). The question is, how do you put a WAF in place for applications running on Kubernetes? As for most IT questions, the obvious answer is, of course, “it depends.” But on what? In this webinar, we look at how a WAF works, where to insert a WAF in your infrastructure, and the best way for a platform engineering team to create self-service WAF configuration on Kubernetes. We explore some sample configurations, and provide a demo of NGINX App Protect WAF in action.

Protecting Apps from Hacks in Kubernetes with NGINX

NGINX, Inc.

NGINX Kubernetes API

NGINX, Inc.

On-Demand Recording: https://www.nginx.com/resources/webinars/successfully-implement-your-api-strategy-with-nginx/ About the Webinar Cloud-native applications are distributed and decentralized by design, composed of dozens, hundreds, or even thousands of APIs connecting services deployed across cloud, on-premises, and edge environments. Without an effective API strategy in place, API sprawl quickly gets out-of-control and becomes unmanageable as the number of APIs in production outpaces your ability to govern and secure them. In this webinar we explore trends that are accelerating API sprawl and look at some well-established best practices for managing, governing, and securing APIs in distributed environments. Our presenters also demo how to use API Connectivity Manager, part of F5 NGINX Management Suite, to streamline and accelerate your API operations.

Successfully Implement Your API Strategy with NGINX

NGINX, Inc.

Installing and Configuring NGINX Open Source

NGINX, Inc.

Shift Left for More Secure Apps with F5 NGINX

NGINX, Inc.

How to Avoid the Top 5 NGINX Configuration Mistakes.pptx

NGINX, Inc.

Mehr von NGINX, Inc. (20)

【NGINXセミナー】　Ingressを使ってマイクロサービスの運用を楽にする方法

【NGINXセミナー】 NGINXのWAFとは？その使い方と設定方法　解説セミナー

【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法

Get Hands-On with NGINX and QUIC+HTTP/3

Managing Kubernetes Cost and Performance with NGINX & Kubecost

Manage Microservices Chaos and Complexity with Observability

Accelerate Microservices Deployments with Automation

Unit 2: Microservices Secrets Management 101

Unit 1: Apply the Twelve-Factor App to Microservices Architectures

NGINX基本セミナー（セキュリティ編）～NGINXでセキュアなプラットフォームを実現する方法！

Easily View, Manage, and Scale Your App Security with F5 NGINX

NGINXセミナー（基本編）～いまさら聞けないNGINXコンフィグなど基本がわかる！

Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX

Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...

Protecting Apps from Hacks in Kubernetes with NGINX

NGINX Kubernetes API

Successfully Implement Your API Strategy with NGINX

Installing and Configuring NGINX Open Source

Shift Left for More Secure Apps with F5 NGINX

How to Avoid the Top 5 NGINX Configuration Mistakes.pptx

Kürzlich hochgeladen

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

DBX First Quarter 2024 Investor Presentation

Dropbox

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Kürzlich hochgeladen (20)

MS Copilot expands with MS Graph connectors

DBX First Quarter 2024 Investor Presentation

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Artificial Intelligence Chap.5 : Uncertainty

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Understanding the FAA Part 107 License ..

Boost Fertility New Invention Ups Success Rates.pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Vector Search -An Introduction in Oracle Database 23ai.pptx

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

AWS Community Day CPH - Three problems of Terraform

Platformless Horizons for Digital Adaptability

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

NGINX DevSecOps Workshop

1. NGINX App Protect DevOps Workshop Jesse Goodier NGINX Solutions Architect November 4, 2020

2. 2 Agenda 1. NGINX Overview 2. Demo and overview of lab 3. Hands-on lab

4. NGINX Application Platform A suite of technologies to develop and deliver digital experiences that span from legacy, monolithic apps to modern, microservices apps.

6. ENTERPRISE SOLUTIONS WITH DYNAMIC MODULES • Enterprise class visibility with 90+ additional metrics • JWT Authentication • Native OpenID Connect support • Active health checks on status code and response body • Service discovery using DNS • Key value store (dynamic IP black-listing, blue/green deployments) • Dynamic reconfiguration—zero downtime • Session persistence based on cookie NGINX Plus

7. New From F5! NGINX App Protect  High performing  Security protection beyond signatures  Trusted Signatures from F5  Simple CI/CD integration  Designed for modern infrastructures  Rapid feedback loop for security remediations  Unified F5 declarative interface  Security statistics via syslog  Backed by F5 Support Manage CI/CD Friendly Secure

8. Deployment options

9. Declarative Policy Helps CI/CD Motion INFRASTRUCTURE AND SECURITY AS CODE Source Code Repository CI/CD Pipeline Tool IT Automation Application code/config for App X security policy/config for App X Pipeline for build/test/deploy of App X Ansible playbook for deployment of App X with its app services Owned by SecOps Operated by DevOps { "entityChanges": { "type": "explicit" }, "entity": { "name": "bak" }, "entityKind": "tm:asm:policies:filetypes:filetypestate", "action": "delete", "description": "Delete Disallowed File Type" }

10. NGINX App Protect Performance 0 0.5 1 1.5 2 2.5 Throughput (MB/sec) No Protection NGINX App Protect ModSec 0 2000 4000 6000 8000 10000 12000 14000 Requests/sec No Protection NGINX App Protect ModSec 0 100 200 300 400 500 600 700 800 Latency (ms) No Protection NGINX App Protect ModSec Comprehensive security policy has no impact on latency, and offers better throughput and requests/second when compared to ModSec • ModSec Configuration: OWASP Top 10 (enable all CRS 3v rules) • NGINX App Protect Configuration: OWASP Top 10 (Enable signatures), Evasion technique, Data Guard, Disallowed file types, HTTP protocol compliance

11. 11 • NGINX commonly used as Ingress Controller • Dynamic reconfiguration of endpoints (no configuration reloading) • Additional metrics, provided by a streamlined Prometheus exporter • Dedicated Helm chart repository • Support for Custom resources to expose more (all) NGINX Plus features as an Ingress An advanced Layer 7 load-balancing solution for exposing Kubernetes services to the Internet Kubernetes Ingress Controller

12. CONFIDENTIAL Kubernetes Ingress Controllers https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/nginx-ingress-controllers.md

13. 13 Workshop Overview

14. 14 Hands-On Workshop To launch the lab, go to https://udf.f5.com and look for NGINX Workshop. Use chat or come off mute if you have any questions and we can help you in a breakout room. If you do not see the workshop listed on UDF, please send us your email and the system will send you an invitation. We are here to help. Login to windows jump host as user/user use web shell su ubuntu cd <ctrl><shift>v to paste on windows

NGINX DevSecOps Workshop

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie NGINX DevSecOps Workshop

Ähnlich wie NGINX DevSecOps Workshop (20)

Mehr von NGINX, Inc.

Mehr von NGINX, Inc. (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

NGINX DevSecOps Workshop