SlideShare ist ein Scribd-Unternehmen logo

GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Cloud Native Applications!

Nico Meisenzahl
Nico Meisenzahl

Join Nico, Philippe, and Wayne for a session full of Containers, Kubernetes, and security! In this talk, you will learn how GitLab Defend features can help you to effectively secure your applications and services. We will guide you through different features using real-scenarios use-cases and demos with demonstrations from the perspectives of a software developer, security engineer, and hacker. You will learn how to secure your application ingress using the Web Application Firewall, securing east-west application traffic with Container Network Security as well as threat detection with Container Behaviour Analytics. Everything within your GitLab project! Walk away and know everything you need to know to successfully secure your cloud native applications and services!

Technologie
1 von 16
Downloaden Sie, um offline zu lesen
Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Applications
Introductions ● Nico Meisenzahl - white duck - Senior Cloud & DevOps Consultant - @nmeisenzahl ● Philippe Lafoucriere - GitLab - Distinguished Engineer - @plafoucriere ● Wayne Haber - GitLab - Director of Engineering: Threat Management - @waynehaber
#GitLabCommit Roles ● Nico: Application developer ● Philippe: Security operations team ● Wayne Haber: Attacker
Normal operation
#GitLabCommit Demo: Normal application use Photo credit: https://unsplash.com/@cgower
Exploit the application!
#GitLabCommit Demo: Attack the application! Photo credit: https://unsplash.com/@jackson_893
Layered security controls
Layered security controls GitLab Secure
Layered security controls GitLab Container Host Security
Layered security controls GitLab Container Network Security
#GitLabCommit Demo: Detect the attacks Photo credit: https://unsplash.com/@olloweb
#GitLabCommit Demo: Fix the security issue Photo credit: https://unsplash.com/@vantaymedia
Defense in depth 1. Design for security 2. Check code for security issues a. GitLab Secure stage (SAST, DAST, Dependency Scanning, etc) 3. Monitor for attacks. Including: a. GitLab Defend container network policies (such as WAF and Cilium) b. GitLab Defend container host policies (such as Falco and AppArmor) c. GitLab Monitor host & application logs (such as Elastic) d. Cloud provider logs (such as Cloudwatch and LogAnalytics) 4. Respond to attacks a. What did the attacker do in Redis? b. What actions should be taken to respond? (Restore data from backup, etc) c. Isolate pods for forensics 5. Determine root causes and take action to avoid recurrences a. Implement network and host policies to be default deny b. RCA and fix security bugs in code c. Developer training
Thank you and links Thank you Zamir Martins Filho for the help with the demo environment! Links: ● Demo App ○ https://gitlab.com/gitlab-commit-defend-demo/sample-app ● K8s management project ○ https://gitlab.com/gitlab-commit-defend-demo/gitlab-commit-aks-management ● GitLab Defend features ○ https://docs.gitlab.com/ee/topics/autodevops/#network-policy ○ https://docs.gitlab.com/ee/user/application_security/ ○ https://about.gitlab.com/handbook/engineering/development/threat-management/ ● white duck ○ https://whiteduck.de/en/
Questions? (in chat)

Empfohlen

Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!Nico Meisenzahl
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Die Evolution von Container Image Builds
Die Evolution von Container Image BuildsDie Evolution von Container Image Builds
Die Evolution von Container Image BuildsNico Meisenzahl
 
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Clusterazdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes ClusterNico Meisenzahl
 
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Nico Meisenzahl
 
Policy & Governance für Kubernetes
Policy & Governance für KubernetesPolicy & Governance für Kubernetes
Policy & Governance für KubernetesNico Meisenzahl
 
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack KubernetesContinuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack KubernetesNico Meisenzahl
 
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on AzureAzure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on AzureNico Meisenzahl
 

Empfohlen

Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!Nico Meisenzahl
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Die Evolution von Container Image Builds
Die Evolution von Container Image BuildsDie Evolution von Container Image Builds
Die Evolution von Container Image BuildsNico Meisenzahl
 
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Clusterazdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes ClusterNico Meisenzahl
 
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Nico Meisenzahl
 
Policy & Governance für Kubernetes
Policy & Governance für KubernetesPolicy & Governance für Kubernetes
Policy & Governance für KubernetesNico Meisenzahl
 
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack KubernetesContinuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack KubernetesNico Meisenzahl
 
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on AzureAzure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on AzureNico Meisenzahl
 
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...Nico Meisenzahl
 
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021Nico Meisenzahl
 
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Nico Meisenzahl
 
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?Nico Meisenzahl
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDNico Meisenzahl
 
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...Nico Meisenzahl
 
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes BasicsGlobal Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes BasicsNico Meisenzahl
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryPhilip Welz
 
Create A Mapping Web Part
Create A Mapping Web PartCreate A Mapping Web Part
Create A Mapping Web PartTom Resing
 
Developing and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project TyeDeveloping and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project TyeEran Stiller
 
KCD Guatemala - Abstracciones sobre Abstracciones
KCD Guatemala - Abstracciones sobre AbstraccionesKCD Guatemala - Abstracciones sobre Abstracciones
KCD Guatemala - Abstracciones sobre AbstraccionesMauricio (Salaboy) Salatino
 
Orchestrating Microservices
Orchestrating MicroservicesOrchestrating Microservices
Orchestrating MicroservicesMauricio (Salaboy) Salatino
 
High quality live broadcasting with PHP 27 07-2016
High quality live broadcasting with PHP 27 07-2016High quality live broadcasting with PHP 27 07-2016
High quality live broadcasting with PHP 27 07-2016Martin de Keijzer
 
Improving VASmalltalk deployment, availability and scalability with Docker
Improving VASmalltalk deployment, availability and scalability with DockerImproving VASmalltalk deployment, availability and scalability with Docker
Improving VASmalltalk deployment, availability and scalability with DockerESUG
 
tiCONF Amsterdam 2014 building mobile teams
tiCONF Amsterdam 2014 building mobile teamstiCONF Amsterdam 2014 building mobile teams
tiCONF Amsterdam 2014 building mobile teamsMartin de Keijzer
 
Building microservices with Vert.X @ Fall 2016
Building microservices with Vert.X @ Fall 2016Building microservices with Vert.X @ Fall 2016
Building microservices with Vert.X @ Fall 2016Tim van Eijndhoven
 
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...Fwdays
 
Productive & easy mobile app dev
Productive & easy mobile app devProductive & easy mobile app dev
Productive & easy mobile app devMartin de Keijzer
 
TechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer ProgramTechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer ProgramRobb Boyd
 
MadridJug From Monolith to k8s with Jenkins X and Zeebe
MadridJug From Monolith to k8s with Jenkins X and ZeebeMadridJug From Monolith to k8s with Jenkins X and Zeebe
MadridJug From Monolith to k8s with Jenkins X and ZeebeMauricio (Salaboy) Salatino
 
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughKCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 

Weitere ähnliche Inhalte

Was ist angesagt?

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...Nico Meisenzahl
 
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021Nico Meisenzahl
 
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Nico Meisenzahl
 
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?Nico Meisenzahl
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDNico Meisenzahl
 
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...Nico Meisenzahl
 
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes BasicsGlobal Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes BasicsNico Meisenzahl
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryPhilip Welz
 
Create A Mapping Web Part
Create A Mapping Web PartCreate A Mapping Web Part
Create A Mapping Web PartTom Resing
 
Developing and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project TyeDeveloping and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project TyeEran Stiller
 
KCD Guatemala - Abstracciones sobre Abstracciones
KCD Guatemala - Abstracciones sobre AbstraccionesKCD Guatemala - Abstracciones sobre Abstracciones
KCD Guatemala - Abstracciones sobre AbstraccionesMauricio (Salaboy) Salatino
 
High quality live broadcasting with PHP 27 07-2016
High quality live broadcasting with PHP 27 07-2016High quality live broadcasting with PHP 27 07-2016
High quality live broadcasting with PHP 27 07-2016Martin de Keijzer
 
Improving VASmalltalk deployment, availability and scalability with Docker
Improving VASmalltalk deployment, availability and scalability with DockerImproving VASmalltalk deployment, availability and scalability with Docker
Improving VASmalltalk deployment, availability and scalability with DockerESUG
 
tiCONF Amsterdam 2014 building mobile teams
tiCONF Amsterdam 2014 building mobile teamstiCONF Amsterdam 2014 building mobile teams
tiCONF Amsterdam 2014 building mobile teamsMartin de Keijzer
 
Building microservices with Vert.X @ Fall 2016
Building microservices with Vert.X @ Fall 2016Building microservices with Vert.X @ Fall 2016
Building microservices with Vert.X @ Fall 2016Tim van Eijndhoven
 
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...Fwdays
 
Productive & easy mobile app dev
Productive & easy mobile app devProductive & easy mobile app dev
Productive & easy mobile app devMartin de Keijzer
 
TechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer ProgramTechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer ProgramRobb Boyd
 
MadridJug From Monolith to k8s with Jenkins X and Zeebe
MadridJug From Monolith to k8s with Jenkins X and ZeebeMadridJug From Monolith to k8s with Jenkins X and Zeebe
MadridJug From Monolith to k8s with Jenkins X and ZeebeMauricio (Salaboy) Salatino
 

Was ist angesagt? (20)

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
 
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
 
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
 
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
 
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
 
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes BasicsGlobal Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
 
Create A Mapping Web Part
Create A Mapping Web PartCreate A Mapping Web Part
Create A Mapping Web Part
 
Developing and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project TyeDeveloping and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project Tye
 
KCD Guatemala - Abstracciones sobre Abstracciones
KCD Guatemala - Abstracciones sobre AbstraccionesKCD Guatemala - Abstracciones sobre Abstracciones
KCD Guatemala - Abstracciones sobre Abstracciones
 
Orchestrating Microservices
Orchestrating MicroservicesOrchestrating Microservices
Orchestrating Microservices
 
High quality live broadcasting with PHP 27 07-2016
High quality live broadcasting with PHP 27 07-2016High quality live broadcasting with PHP 27 07-2016
High quality live broadcasting with PHP 27 07-2016
 
Improving VASmalltalk deployment, availability and scalability with Docker
Improving VASmalltalk deployment, availability and scalability with DockerImproving VASmalltalk deployment, availability and scalability with Docker
Improving VASmalltalk deployment, availability and scalability with Docker
 
tiCONF Amsterdam 2014 building mobile teams
tiCONF Amsterdam 2014 building mobile teamstiCONF Amsterdam 2014 building mobile teams
tiCONF Amsterdam 2014 building mobile teams
 
Building microservices with Vert.X @ Fall 2016
Building microservices with Vert.X @ Fall 2016Building microservices with Vert.X @ Fall 2016
Building microservices with Vert.X @ Fall 2016
 
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...
Anton Boyko "DevSecOps for developers – why it’s important and how to get sta...
 
Productive & easy mobile app dev
Productive & easy mobile app devProductive & easy mobile app dev
Productive & easy mobile app dev
 
TechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer ProgramTechWiseTV Workshop: Cisco Developer Program
TechWiseTV Workshop: Cisco Developer Program
 
MadridJug From Monolith to k8s with Jenkins X and Zeebe
MadridJug From Monolith to k8s with Jenkins X and ZeebeMadridJug From Monolith to k8s with Jenkins X and Zeebe
MadridJug From Monolith to k8s with Jenkins X and Zeebe
 

Ähnlich wie GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Cloud Native Applications!

KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughKCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Licel
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
Code review and security audit in private cloud - Arief Karfianto
Code review and security audit in private cloud - Arief KarfiantoCode review and security audit in private cloud - Arief Karfianto
Code review and security audit in private cloud - Arief Karfiantoidsecconf
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Liran Tal
 
ShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdfShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdfSteven Carlson
 
Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Alexey Dremin
 
5 Kubernetes Security Tools You Should Use
5 Kubernetes Security Tools You Should Use5 Kubernetes Security Tools You Should Use
5 Kubernetes Security Tools You Should UseDevOps.com
 
Tools & techniques, building a dev secops culture at mozilla sba live a...
Tools & techniques, building a dev secops culture at mozilla sba live a...Tools & techniques, building a dev secops culture at mozilla sba live a...
Tools & techniques, building a dev secops culture at mozilla sba live a...SBA Research
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Amazon Web Services
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applicationseightbit
 
Cover Your Apps While Still Using npm
Cover Your Apps While Still Using npmCover Your Apps While Still Using npm
Cover Your Apps While Still Using npmTierney Cyren
 
Applying formal methods to existing software by B.Monate
Applying formal methods to existing software by B.MonateApplying formal methods to existing software by B.Monate
Applying formal methods to existing software by B.MonateMahaut Gouhier
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021lior mazor
 
Give Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made EasyGive Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made EasySecurity Weekly
 
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being HackedKCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being HackedNico Meisenzahl
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 

Ähnlich wie GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Cloud Native Applications! (20)

KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughKCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security Agile
 
Code review and security audit in private cloud - Arief Karfianto
Code review and security audit in private cloud - Arief KarfiantoCode review and security audit in private cloud - Arief Karfianto
Code review and security audit in private cloud - Arief Karfianto
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
 
ShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdfShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdf
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9
 
5 Kubernetes Security Tools You Should Use
5 Kubernetes Security Tools You Should Use5 Kubernetes Security Tools You Should Use
5 Kubernetes Security Tools You Should Use
 
Tools & techniques, building a dev secops culture at mozilla sba live a...
Tools & techniques, building a dev secops culture at mozilla sba live a...Tools & techniques, building a dev secops culture at mozilla sba live a...
Tools & techniques, building a dev secops culture at mozilla sba live a...
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
 
Cover Your Apps While Still Using npm
Cover Your Apps While Still Using npmCover Your Apps While Still Using npm
Cover Your Apps While Still Using npm
 
Applying formal methods to existing software by B.Monate
Applying formal methods to existing software by B.MonateApplying formal methods to existing software by B.Monate
Applying formal methods to existing software by B.Monate
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Give Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made EasyGive Me Three Things: Anti-Virus Bypass Made Easy
Give Me Three Things: Anti-Virus Bypass Made Easy
 
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being HackedKCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security
 

Mehr von Nico Meisenzahl

Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable WorkloadsCloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable WorkloadsNico Meisenzahl
 
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being HackedContainer Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being HackedNico Meisenzahl
 
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networkingFestive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networkingNico Meisenzahl
 
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack KubernetesContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack KubernetesNico Meisenzahl
 
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...Nico Meisenzahl
 
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...Nico Meisenzahl
 
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being HackedHow to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being HackedNico Meisenzahl
 
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a WalkthroughContainer Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Azure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service OperatorAzure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service OperatorNico Meisenzahl
 
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native WayAzure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native WayNico Meisenzahl
 
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt dasEffiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt dasNico Meisenzahl
 
DevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CDDevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CDNico Meisenzahl
 

Mehr von Nico Meisenzahl (14)

Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable WorkloadsCloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
 
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being HackedContainer Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
 
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networkingFestive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networking
 
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack KubernetesContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack Kubernetes
 
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...
 
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...
 
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being HackedHow to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being Hacked
 
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a WalkthroughContainer Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
 
GitHub Actions 101
GitHub Actions 101GitHub Actions 101
GitHub Actions 101
 
Azure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service OperatorAzure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service Operator
 
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native WayAzure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
 
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt dasEffiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
 
DevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CDDevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CD
 

Kürzlich hochgeladen

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Cloud Native Applications!

  • 1. Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Applications
  • 2. Introductions ● Nico Meisenzahl - white duck - Senior Cloud & DevOps Consultant - @nmeisenzahl ● Philippe Lafoucriere - GitLab - Distinguished Engineer - @plafoucriere ● Wayne Haber - GitLab - Director of Engineering: Threat Management - @waynehaber
  • 3. #GitLabCommit Roles ● Nico: Application developer ● Philippe: Security operations team ● Wayne Haber: Attacker
  • 5. #GitLabCommit Demo: Normal application use Photo credit: https://unsplash.com/@cgower
  • 7. #GitLabCommit Demo: Attack the application! Photo credit: https://unsplash.com/@jackson_893
  • 10. Layered security controls GitLab Container Host Security
  • 11. Layered security controls GitLab Container Network Security
  • 12. #GitLabCommit Demo: Detect the attacks Photo credit: https://unsplash.com/@olloweb
  • 13. #GitLabCommit Demo: Fix the security issue Photo credit: https://unsplash.com/@vantaymedia
  • 14. Defense in depth 1. Design for security 2. Check code for security issues a. GitLab Secure stage (SAST, DAST, Dependency Scanning, etc) 3. Monitor for attacks. Including: a. GitLab Defend container network policies (such as WAF and Cilium) b. GitLab Defend container host policies (such as Falco and AppArmor) c. GitLab Monitor host & application logs (such as Elastic) d. Cloud provider logs (such as Cloudwatch and LogAnalytics) 4. Respond to attacks a. What did the attacker do in Redis? b. What actions should be taken to respond? (Restore data from backup, etc) c. Isolate pods for forensics 5. Determine root causes and take action to avoid recurrences a. Implement network and host policies to be default deny b. RCA and fix security bugs in code c. Developer training
  • 15. Thank you and links Thank you Zamir Martins Filho for the help with the demo environment! Links: ● Demo App ○ https://gitlab.com/gitlab-commit-defend-demo/sample-app ● K8s management project ○ https://gitlab.com/gitlab-commit-defend-demo/gitlab-commit-aks-management ● GitLab Defend features ○ https://docs.gitlab.com/ee/topics/autodevops/#network-policy ○ https://docs.gitlab.com/ee/user/application_security/ ○ https://about.gitlab.com/handbook/engineering/development/threat-management/ ● white duck ○ https://whiteduck.de/en/