Protecting Pipelines with DevOps and Container Security
Fernando Cardoso
Talk on protecting DevOps pipelines and IaC at TDC Brasil - March 2021
1.
Protecting Pipeline DevOps and IaC
Fernando Cardoso, Solution Architect for AWS Alliance
2.
Surprising facts about Containers
© 2021 Trend Micro Inc.
3.
Surprising facts about Containers
Gartner predicts that by 2022, more than 75% of global organizations will be running containerized applications in production, up from less than 30% today.
4.
Security facts about Containers and Kubernetes
Some of the recent Kubernetes vulnerabilities:
• CVE-2019-11253 (High)
• CVE-2020-8559 (Medium)
• CVE-2020-8555 (Medium)
• CVE-2020-8551 (Medium)
• CVE-2020-8554 (Medium)
• CVE-2020-8558 (Low)
5.
Container security concerns broadly relate to:
• The foundation layers of your application
• Possible vulnerabilities in the platform and dependencies used by microservices
• The security of your application within the container
• The integrity of the build pipeline
• Container network traffic
• The security of the container host
• Privileged container
• Malicious behavior from containers
• Securing your container management stack
6.
Blame Game
Source: https://www.devseccon.com/devops-with-a-spice-of-culture-secadvent-day-23/
7.
1º Secure your build pipeline
• Endpoint Protection
• Least Privilege Access to repository, application, and infrastructure
• Make sure the Runtime Protection is in place
8.
2º Build on a secure foundation
Dockerfile DockerHub Snyk Dependencies Scanning
9.
2º Build on a secure foundation
• Detect the vulnerabilities in the operating system used by your container image
• Detect the vulnerabilities in the application platform
• Detect the vulnerabilities in the dependencies of your application
10.
3º Secure your application
• Unit Test - typically automated tests written and run by software developers to ensure that a section of an application meets its design and behaves as intended.
• SAST - Static code analysis is a method of debugging done by examining an application's source code before a program is run. This is usually done by analyzing the code against a given set of rules or coding standards.
• DAST - Dynamic code analysis is the method of debugging by examining an application during or after a program is run. Since the source code could be run with a variety of different inputs, there isn't a given set of rules that can cover this style.
11.
Open-Source tool that performs static code analysis
C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell
12.
4º Secure the container host
13.
5º Secure the networking environment
[Diagram: Docker Engine, Operating System, Kubernetes, Containerized Apps (App A, App B, App C, App D, App E, App F), Internet]
• Traffic moving north-south, to and from the internet to stop attacks and filter malicious content.
• Monitor east-west, inner-container, traffic. After attackers gain a foothold in a network, they look to move laterally to expand their reach.
Ability to Detect and Prevent
14.
6º Secure your management stack
• Container Image Scanning integrated to Container Registries
• Protect the Master and API's communication
• Protect the Node and apply security policies for microservices
15.
Full Architecture
16.
But how can I validate the infrastructure that has been created, or that will be created, in the cloud for my applications?
17.
Infrastructure as a Code - Pipeline
[Diagram labels: Git Repository; CI/CD; Cloud Build Template Scanner; IDE – Plugin VSCode; Template Scanner through the APIs; Instances / Container Hosts; Serverless; Storages / Database; Support Ticket System; GitHub Actions Integration]
Cloud Secure Posture Management
• Multi-Cloud Visibility
• Compliance
• Real-time Monitoring
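The template-scanning step of the IaC pipeline, sketched as an added example (not code from the talk or from any vendor product): a small scanner that checks a template before deployment. It assumes a CloudFormation template in JSON form; the sample template, rule IDs and function names are constructed for illustration.

```python
import json

# Constructed CloudFormation template (JSON form), used only as sample input.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "web tier", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
  "Assets": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
  "Db": {"Type": "AWS::RDS::DBInstance", "Properties": {
    "Engine": "mysql", "StorageEncrypted": true, "PubliclyAccessible": false}}
}}
""")

ADMIN_PORTS = (22, 3389)             # SSH, RDP
OPEN_CIDRS = ("0.0.0.0/0", "::/0")   # any address on the internet


def enabled(props, key):
    # CloudFormation accepts booleans written as true or "true".
    return str(props.get(key, False)).lower() == "true"


def port(value, default):
    # A Ref/parameter cannot be resolved statically: assume the widest range.
    return int(value) if str(value).lstrip("-").isdigit() else default


def check_security_group(name, props):
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in OPEN_CIDRS:
            continue
        if str(rule.get("IpProtocol")) == "-1":
            yield ("SG-ALL-OPEN", name, f"all protocols open to {cidr}")
            continue
        low, high = port(rule.get("FromPort"), 0), port(rule.get("ToPort"), 65535)
        exposed = [p for p in ADMIN_PORTS if low <= p <= high]
        if exposed:
            yield ("SG-ADMIN-OPEN", name, f"ports {exposed} open to {cidr}")


def check_bucket(name, props):
    if props.get("AccessControl") in ("PublicRead", "PublicReadWrite"):
        yield ("S3-PUBLIC-ACL", name, "canned ACL grants public access")


def check_db(name, props):
    if not enabled(props, "StorageEncrypted"):
        yield ("RDS-UNENCRYPTED", name, "StorageEncrypted is not enabled")
    if enabled(props, "PubliclyAccessible"):
        yield ("RDS-PUBLIC", name, "PubliclyAccessible is enabled")


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_bucket,
    "AWS::RDS::DBInstance": check_db,
}


def scan(template):
    """Return (rule_id, resource_name, message) for every failed check."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            findings.extend(check(name, resource.get("Properties", {})))
    return findings
```

In a CI job, call `scan()` on the parsed template and exit non-zero when the list is not empty, so the misconfiguration is caught before anything is created in the cloud.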
18.
Shift-Left Security – Plugin in the IDE
GitHub with some examples
19.
Conclusion
"The containers/microservices offer numerous benefits for your business, as long as you have the right policies, "right use", and security tools to protect it from possible mistakes, vulnerabilities and attacks in this very agile environment that are containers."
21.
Fernando Cardoso
fernando_cardoso@trendmicro.com
@fernando0stc
Fernando0stc