Can Kubernetes Keep a Secret?
Every application uses secrets to function. These secrets include usernames and passwords, API keys, and other similar private keys. Applications running inside Kubernetes are no exception. Unfortunately, Kubernetes has a reputation for not being able to keep a secret. Is that reputation valid? In this talk, Omer Levi Hevroni explores ... Read More
Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps
DevSecOps is a hot topic. It’s touted as a utopia where automation saves time and money while cutting risk and reducing dependencies. In reality, without effective oversight, DevSecOps leaves orphaned technologies, unmaintained repositories and application artifacts, and ruined credibility in its wake. The value of DevSecOps lies in shifting your ... Read More
OWASP Security Knowledge Framework
In this talk (embedded below), brothers Glenn ten Cate and Riccardo ten Cate identify issues in current secure coding practices. They show how to use the Open Web Application Security Project’s security knowledge framework to build apps that are secure by design ... Read More
