Location: 36 Queen Street, London EC4R 1QS
Agenda:
6:00PM: Doors Open
6:15PM: Intros & Stream Begins
6:30PM: Lightning Talk
6:45PM: Main Talk
Lightning Talk - A New Approach to SAST for Modern Teams:
Modern product teams are shipping code at a lightning-fast pace, which often makes risk managers and application security teams nervous. The traditional approach to static analysis comes at a cost of doing business that leads engineering teams to ignore or avoid security. Learn how you can take a new approach with Bearer to get your development teams to understand security and privacy risk while identifying issues and fixing them before they reach production.
Main Talk - Developing Cloud Security Program for Containers:
Building a container security program is quite complex, especially when you have to deal with containers in orchestration tools such as Kubernetes, combined with the complexity of on-premise, cloud, or hybrid environments with an extensive footprint. In this talk, we would like to explain how to go about building a security program for containers.
In this talk, we'll cover:
Team and Culture
• What does a security team need to think about from a skillset, team, and technology perspective?
• What are some of the challenges in the container domain to consider?
• What can you unlearn from the traditional world that you don’t need to think about in the container domain?
DevSecOps role in engineering
• Intricacies of container secure code practices.
• Making sense of secure container base images and supply chain security.
• Navigating responsibility models
Infrastructure hardening
• Orchestration platform best practices
• Container images and image registry best practices
Applications and monitoring
• IAM and Network policies for achieving fast-paced operational goals.
• Tracking, preventing, and responding to threats.