Do Containers Enhance Application Level Security? Benjy Portnoy, CISA, CISSP
|
|
- Beverly Barton
- 6 years ago
- Views:
Transcription
1 Do Containers Enhance Application Level Security? Benjy Portnoy, CISA, CISSP
2 # whoami BlueCoat-> Symantec Director,
3 I know, I ll use Ruby on Rails! * Thanks To Jim Brickman@gruntwork.io
4 > gem install rails
5 > gem install rails Fetching: i18n gem (100%) Fetching: json gem (100%) Building native extensions. This could take a while... ERROR: Error installing rails: ERROR: Failed to build gem native extension. /usr/bin/ruby1.9.1 extconf.rb creating Makefile make sh: 1: make: not found
6 Ah, I just need to install make
7 > sudo apt-get install make... Success!
8 > gem install rails
9 > gem install rails Fetching: nokogiri gem (100%) Building native extensions. This could take a while... ERROR: Error installing rails: ERROR: Failed to build gem native extension. /usr/bin/ruby1.9.1 extconf.rb checking if the C compiler accepts... yes Building nokogiri using packaged libraries. Using mini_portile version rc2 checking for gzdopen() in -lz... no zlib is missing; necessary for building libxml2 *** extconf.rb failed ***
10 Hmm. Time to visit StackOverflow.
11 > sudo apt-get install zlib1g-dev... Success!
12 > gem install rails
13 > gem install rails Building native extensions. This could take a while... ERROR: Error installing rails: ERROR: Failed to build gem native extension. /usr/bin/ruby1.9.1 extconf.rb checking if the C compiler accepts... yes Building nokogiri using packaged libraries. Using mini_portile version rc2 checking for gzdopen() in -lz... yes checking for iconv... yes Extracting libxml tar.gz into tmp/x86_64-pc-linuxgnu/ports/libxml2/ OK *** extconf.rb failed ***
14 okogiri, why do you never install correctly?
15 > gem install rails... Success!
16 > rails new my-project > cd my-project > rails start
17 Finally It Works!
18
19 You use the AWS Console to deploy an EC2 instance
20 > ssh _ ) _ ( / Amazon Linux AMI \ [ec2-user@ip ~]$ gem install rails ERROR: Error installing rails: ERROR: Failed to build gem native extension. /usr/bin/ruby1.9.1 extconf.rb
21
22 Spend 2 hours trying weird & random suggestions Replicate your dev environment in AMI
23
24 Now you urgently have to update all your Rails installations
25 > bundle update rails
26 > bundle update rails Building native extensions. This could take a while... ERROR: Error installing rails: ERROR: Failed to build gem native extension. /usr/bin/ruby1.9.1 extconf.rb checking if the C compiler accepts... yes Building nokogiri using packaged libraries. Using mini_portile version rc2 checking for gzdopen() in -lz... yes checking for iconv... yes Extracting libxml tar.gz into tmp/x86_64-pc-linuxgnu/ports/libxml2/ OK *** extconf.rb failed ***
27
28 What Are Containers Containers to the rescue? Container [kuhn-tay-ner], noun Form of application deployment. Making a process think that it has the complete operating system & Dependencies for itself.
29 Why Should you care? Docker Hosts Source: Datadog usage stats
30 Up in Seconds Massive Scale Runs Anywhere
31 How to create a containerized application?.net < / >
32 SECURING CONTAINERS ON THE HOST Control Groups Namespaces CPU Capabilities
33 Lets deploy our Ruby application as a container
34
35 Dockerfile Example < / >
36 August 16 th 2017
37 September 7 th 2017 Exploited Apache Struts Vulnerability 143 Million customers impacted Attack occurred from mid May to July prior to detection Equifax hack shaved $4B, or about 25% of the company market cap
38 CVE /5638 in a nutshell 1) Apache Struts framework for dynamic web content 2) Arbitrary RCE if REST communication plugin enabled 3) The weakness is caused by how Xstream deserializes untrusted data represented as XML
39 OWASP #1 Injection is #1 application attack vector
40 Demo Scenario With Containers Victim Container Apache Struts server using vulnerable struts Attacker Container exploit CVE using the victim as target Python based exploit Uploads a simple web shell as a web application to the victim
41
42 Demo
43 What if Equifax were using containers? Attack Success Criteria 1. Compromise server 2. Remain persistent 3. Access additional internal resources 4. Exfiltration of sensitive (PII) data
44 Container Compromised and Not Host Container breakout = kernel exploit Less persistent (Average container life 6 hours!) Minimal lateral network movement Micro Service = Reduced Attack Surface
45
46 Shrink Wrapping Container Each Micro-services should do very little Learn normal behavior and block anything else (Shell.war) Segment networking on, and between containers on same host Secrets File Use Volumes Business Function User Privileges Resource Use Network Use Image Integrity Executables Learn and Apply Least Privileges
47 So... Do Containers Enhance Security?
48
49 .NET < / > Read Only Docker Image Docker Host
50
51 Container Security Concerns Developer Controls Full Stack Unauthorized images Open Source vulnerabilities East To West Traffic Privilege escalation (Dirtyc0w?) Host resource impact :(){ : :& };: Secrets Management Authenticate d User Applicati on Attacker Applicatio n Host 1 Host 2
52 Call To Action
53 Thank You!
Waratek Runtime Protection Platform
Waratek Runtime Protection Platform Cirosec TrendTage - March 2018 Waratek Solves the Application Security Problems That No One Else Can Prateep Bandharangshi Director of Client Security Solutions March,
More informationAutomating Security Practices for the DevOps Revolution
Automating Security Practices for the DevOps Revolution Hari Srinivasan Director Product Management, Cloud and Virtualization Security Qualys Inc. 1 Qualys, Inc. 2018 Agenda Transformation of today s IT
More information/ Cloud Computing. Recitation 5 September 27 th, 2016
15-319 / 15-619 Cloud Computing Recitation 5 September 27 th, 2016 1 Overview Administrative issues Office Hours, Piazza guidelines Last week s reflection Project 2.1, OLI Unit 2 modules 5 and 6 This week
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationSecuring Microservices Containerized Security in AWS
Securing Microservices Containerized Security in AWS Mike Gillespie, Solutions Architect, Amazon Web Services Splitting Monoliths Ten Years Ago Splitting Monoliths Ten Years Ago XML & SOAP Splitting Monoliths
More informationPVS Deployment in the Cloud. Last Updated: June 17, 2016
PVS Deployment in the Cloud Last Updated: June 17, 2016 Contents Amazon Web Services Introduction 3 Software Requirements 4 Set up a NAT Gateway 5 Install PVS on the NAT Gateway 11 Example Deployment 12
More informationMurray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?
Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Micro Services, Containers and Serverless PaaS Web Apps? How safe are you? A G E N D A 1 2 3 Serverless, Microservices and Container
More informationDevOps Course Content
DevOps Course Content 1. Introduction: Understanding Development Development SDLC using WaterFall & Agile Understanding Operations DevOps to the rescue What is DevOps DevOps SDLC Continuous Delivery model
More informationNetflix OSS Spinnaker on the AWS Cloud
Netflix OSS Spinnaker on the AWS Cloud Quick Start Reference Deployment August 2016 Huy Huynh and Tony Vattathil Solutions Architects, Amazon Web Services Contents Overview... 2 Architecture... 3 Prerequisites...
More informationIndex. Bessel function, 51 Big data, 1. Cloud-based version-control system, 226 Containerization, 30 application, 32 virtualize processes, 30 31
Index A Amazon Web Services (AWS), 2 account creation, 2 EC2 instance creation, 9 Docker, 13 IP address, 12 key pair, 12 launch button, 11 security group, 11 stable Ubuntu server, 9 t2.micro type, 9 10
More informationOBSERVEIT CLOUDTHREAT GUIDE
OBSERVEIT CLOUDTHREAT GUIDE Contents 1 About This Document... 2 1.1 Intended Audience... 2 1.2 Related ObserveIT Software and Documentation... 2 1.3 Support... 2 2 Product Overview... 3 3 Installing the
More informationBitnami JRuby for Huawei Enterprise Cloud
Bitnami JRuby for Huawei Enterprise Cloud Description JRuby is a 100% Java implementation of the Ruby programming language. It is Ruby for the JVM. JRuby provides a complete set of core built-in classes
More informationSecuring Serverless Architectures
Securing Serverless Architectures Dave Walker, Specialist Solutions Architect, Security and Compliance Berlin 12/04/16 2016, Web Services, Inc. or its Affiliates. All rights reserved. With Thanks To: Agenda
More informationHTTP request proxying vulnerability
HTTP request proxying vulnerability andres@laptop:~/$ curl http://twitter.com/?url=http://httpbin.org/useragent { "user-agent": "python-requests/1.2.3 CPython/2.7.3 Linux/3.2.0-48virtual" } andres@laptop:~/$
More informationOPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES
OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES What is the OWASP Top 10? A list of the top ten web application vulnerabilities Determined by OWASP and the security community at large
More informationIEEE Sec Dev Conference
IEEE Sec Dev Conference #23, Improving Attention to Security in Software Design with Analytics and Cognitive Techniques Jim Whitmore (former) IBM Distinguished Engineer Carlisle, PA jjwhitmore@ieee.org
More informationAmazon Web Services Hands On S3 January, 2012
Amazon Web Services Hands On S3 January, 2012 Copyright 2011-2012, Amazon Web Services, All Rights Reserved Page 1-8 Table of Contents Overview... 3 Create S3 Bucket... 3 Upload Content and Set Permissions...
More informationContainers, Serverless and Functions in a nutshell. Eugene Fedorenko
Containers, Serverless and Functions in a nutshell Eugene Fedorenko About me Eugene Fedorenko Senior Architect Flexagon adfpractice-fedor.blogspot.com @fisbudo Agenda Containers Microservices Docker Kubernetes
More informationManaging Deep Learning Workflows
Managing Deep Learning Workflows Deep Learning on AWS Batch treske@amazon.de September 2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Business Understanding Data Understanding
More informationSaving Time and Costs with Virtual Patching and Legacy Application Modernizing
Case Study Virtual Patching/Legacy Applications May 2017 Saving Time and Costs with Virtual Patching and Legacy Application Modernizing Instant security and operations improvement without code changes
More informationRunning MESA on Amazon EC2 Instances: A Guide
Page! 1 of! 12 Running MESA on Amazon EC2 Instances: A Guide by Andrew Mizener (amizener@macalester.edu) Page! 2 of! 12 Introduction Welcome! In this guide, I ll be demonstrating how to set up MESA on
More informationFramework for Application Security Testing. September 11th, 2018
Framework for Application Security Testing September 11th, 2018 Create thousands of security tests from existing functional tests automatically Wallarm FAST enables secure CI / CD Wallarm FAST has many
More informationOrchestration Ownage: Exploiting Container-Centric Datacenter Platforms
SESSION ID: CSV-R03 Orchestration Ownage: Exploiting Container-Centric Datacenter Platforms Bryce Kunz Senior Threat Specialist Adobe Mike Mellor Director, Information Security Adobe Intro Mike Mellor
More informationAt Course Completion Prepares you as per certification requirements for AWS Developer Associate.
[AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.
More information/ Cloud Computing. Recitation 5 September 26 th, 2017
15-319 / 15-619 Cloud Computing Recitation 5 September 26 th, 2017 1 Overview Administrative issues Office Hours, Piazza guidelines Last week s reflection Project 2.1, OLI Unit 2 modules 5 and 6 This week
More information/ Cloud Computing. Recitation 5 February 14th, 2017
15-319 / 15-619 Cloud Computing Recitation 5 February 14th, 2017 1 Overview Administrative issues Office Hours, Piazza guidelines Last week s reflection Project 2.1, OLI Unit 2 modules 5 and 6 This week
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationExam Questions AWS-Certified- Developer-Associate
Exam Questions AWS-Certified- Developer-Associate Amazon AWS Certified Developer Associate https://www.2passeasy.com/dumps/aws-certified- Developer-Associate/ 1. When using Amazon SQS how much data can
More informationDEPLOYMENT MADE EASY!
DEPLOYMENT MADE EASY! Presented by Hunde Keba & Ashish Pagar 1 DSFederal Inc. We provide solutions to Federal Agencies Our technology solutions connect customers to the people they serve 2 Necessity is
More informationImmersion Day. Getting Started with Linux on Amazon EC2
July 2018 Table of Contents Overview... 3 Create a new EC2 IAM Role... 4 Create a new Key Pair... 5 Launch a Web Server Instance... 8 Connect to the server... 14 Using PuTTY on Windows... 15 Configure
More informationVulnerability Management & Vulnerability Assessment. Nessus Attack Scripting Language (NASL). CVE databases, NVD database
Case Study 2018 Solution/Service Title Vulnerability Management & Vulnerability Assessment Client Industry Cybersecurity, Vulnerability Assessment and Management, Network Security Client Overview Client
More informationVerteego VDS Documentation
Verteego VDS Documentation Release 1.0 Verteego May 31, 2017 Installation 1 Getting started 3 2 Ansible 5 2.1 1. Install Ansible............................................. 5 2.2 2. Clone installation
More informationAbout Me. Rohit Salecha
Serialization Bugs About Me Rohit Salecha Senior Security Consultant @ NotSoSecure 7+ yrs of Corporate Experience Pentesting (Web, Mobile, Infra) and Development in Java Trainer : AppSec for Developers,
More informationIntroductions. Jack Katie
Main Screen Turn On Hands On Workshop Introductions Jack Skinner @developerjack Katie McLaughlin @glasnt And what about you? (not your employer) What s your flavour? PHP, Ruby, Python? Wordpress, Drupal,
More informationSecuring Containers on the High Seas. Jack OWASP Belgium September 2018
Securing Containers on the High Seas Jack Mannino @ OWASP Belgium September 2018 Who Am I? Jack Mannino CEO at nvisium, since 2009 Former OWASP Northern Virginia chapter leader Hobbies: Scala, Go and Kubernetes
More informationHomework #7 Amazon Elastic Compute Cloud Web Services
Homework #7 Amazon Elastic Compute Cloud Web Services This semester we are allowing all students to explore cloud computing as offered by Amazon s Web Services. Using the instructions below one can establish
More informationDevOps Technologies. for Deployment
DevOps Technologies for Deployment DevOps is the blending of tasks performed by a company's application development and systems operations teams. The term DevOps is being used in several ways. In its most
More informationCS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud
CS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud Go to Google Cloud Console => Compute Engine => VM instances => Create Instance For the Boot Disk, click "Change", then
More informationVulnerability Management From B Movie to Blockbuster Rahim Jina
Vulnerability Management From B Movie to Blockbuster Rahim Jina 5 December 2018 Rahim Jina COO & Co-Founder Edgescan & BCC Risk Advisory @rahimjina rahim@edgescan.com HACKED Its (not) the $$$$ Information
More informationHacking and Hardening Kubernetes
SESSION ID: HT-W02 Hacking and Hardening Kubernetes Jay Beale CTO InGuardians, Inc @jaybeale and @inguardians Adam Crompton Senior Security Analyst InGuardians, Inc. @3nc0d3r and @inguardians Table of
More informationMove Amazon RDS MySQL Databases to Amazon VPC using Amazon EC2 ClassicLink and Read Replicas
Move Amazon RDS MySQL Databases to Amazon VPC using Amazon EC2 ClassicLink and Read Replicas July 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided
More informationLab 2 Third Party API Integration, Cloud Deployment & Benchmarking
Lab 2 Third Party API Integration, Cloud Deployment & Benchmarking In lab 1, you have setup the web framework and the crawler. In this lab, you will complete the deployment flow for launching a web application
More informationDocker and Security. September 28, 2017 VASCAN Michael Irwin
Docker and Security September 28, 2017 VASCAN Michael Irwin Quick Intro - Michael Irwin 2011 - Graduated (CS@VT); started full-time at VT Sept 2015 - Started using Docker for QA June 2016 - Attended first
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationHomework 9: Stock Search Android App with Facebook Post A Mobile Phone Exercise
Homework 9: Stock Search Android App with Facebook Post A Mobile Phone Exercise 1. Objectives Ø Become familiar with Android Studio, Android App development and Facebook SDK for Android. Ø Build a good-looking
More informationContainers: Exploits, Surprises, And Security
Containers: Exploits, Surprises, And Security with Elissa Shevinsky COO at SoHo Token Labs Editor of Lean Out #RVASec @ElissaBeth on twitter @Elissa_is_offmessage on Instagram this was Silicon Valley in
More informationMonitoring MySQL Performance with Percona Monitoring and Management
Monitoring MySQL Performance with Percona Monitoring and Management Santa Clara, California April 23th 25th, 2018 MIchael Coburn, Product Manager Your Presenter Product Manager for PMM (also Percona Toolkit
More informationKubernetes Integration Guide
Kubernetes Integration Guide Cloud-Native Security www.aporeto.com Aporeto Kubernetes Integration Guide The purpose of this document is to describe the features of Aporeto that secure application services
More informationOne year of Deploying Applications for Docker, CoreOS, Kubernetes and Co.
One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co thomas@endocode.com HI! Thomas Fricke thomas@endocode.com CTO Endocode System Automation DevOps Cloud, Database and Software Architect
More informationTraining: Pentesting the Modern Application Stack
Training: Pentesting the Modern Application Stack Date of the training: March 18 19, 2019 in Heidelberg, Germany Book Now using the voucher code: TR19_HMTS and save an additional 5% of the current valid
More informationZero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks
Zero to Microservices in 5 minutes using Docker Containers Mathew Lodge (@mathewlodge) Weaveworks (@weaveworks) https://www.weave.works/ 2 Going faster with software delivery is now a business issue Software
More informationProtect your apps and your customers against application layer attacks
Protect your apps and your customers against application layer attacks Development 1 IT Operations VULNERABILITY DETECTION Bots, hackers, and other bad actors will find and exploit vulnerabilities in web
More informationKubeNow Documentation
KubeNow Documentation Release 0.3.0 mcapuccini Dec 13, 2017 Getting Started 1 Prerequisites 3 1.1 Install Docker.............................................. 3 1.2 Get KubeNow..............................................
More informationSwift Web Applications on the AWS Cloud
Swift Web Applications on the AWS Cloud Quick Start Reference Deployment November 2016 Asif Khan, Tom Horton, and Tony Vattathil Solutions Architects, Amazon Web Services Contents Overview... 2 Architecture...
More informationBitnami Ruby for Huawei Enterprise Cloud
Bitnami Ruby for Huawei Enterprise Cloud Description Bitnami Ruby Stack provides a complete development environment for Ruby on Rails that can be deployed in one click. It includes most popular components
More informationConfiguring a Palo Alto Firewall in AWS
Configuring a Palo Alto Firewall in AWS Version 1.0 10/19/2015 GRANT CARMICHAEL, MBA, CISSP, RHCA, ITIL For contact information visit Table of Contents The Network Design... 2 Step 1 Building the AWS network...
More informationWeb Application Security Payloads. Andrés Riancho SecTor 2010, Toronto, Canada.
Web Application Security Payloads Andrés Riancho SecTor 2010, Toronto, Canada. andres@rapid7.com$ whoami Director of Web Security @ Rapid7 Founder @ Bonsai Information Security Developer (python!) Open
More informationContents in Detail. Foreword by Xavier Noria
Contents in Detail Foreword by Xavier Noria Acknowledgments xv xvii Introduction xix Who This Book Is For................................................ xx Overview...xx Installation.... xxi Ruby, Rails,
More informationCode: Slides:
Workshop Resources Code: https://github.com/beekpr/public-workshops Slides: https://tinyurl.com/yc2uo3wk Make sure minikube and kubectl is setup (labs/1-setup-cluster.md has some instructions) Kubernetes
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationCPW AutoGrader. CSCI 370 Field Session 2016 June 20, Client: Christopher Painter Wakefield
CPW AutoGrader CSCI 370 Field Session 2016 June 20, 2016 Client: Christopher Painter Wakefield Authors: Michael Bartlett Harry Krantz Eric Olson Chris Rice Caleb Willkomm Table of Contents Introduction
More informationAttacking Next- Generation Firewalls
Attacking Next- Generation Firewalls Breaking PAN-OS Felix Wilhelm #whoami Security Researcher @ ERNW Research Application and Virtualization Security Recent Research Hypervisors (Xen) Security Appliances
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationAmazon Web Services Hands on EC2 December, 2012
Amazon Web Services Hands on EC2 December, 2012 Copyright 2011-2012, Amazon Web Services, All Rights Reserved Page 1-42 Table of Contents Launch a Linux Instance... 4 Connect to the Linux Instance Using
More informationOWASP. The OWASP Foundation Shake Hands With BeEF
Shake Hands With BeEF OWASP Christian @xntrik Frichot OWASP Perth Chapter Asterisk Information Security christian.frichot@asteriskinfosec.com.au Copyright 2007 The OWASP Foundation Permission is granted
More informationPresented By: Gregory M. Kurtzer HPC Systems Architect Lawrence Berkeley National Laboratory CONTAINERS IN HPC WITH SINGULARITY
Presented By: Gregory M. Kurtzer HPC Systems Architect Lawrence Berkeley National Laboratory gmkurtzer@lbl.gov CONTAINERS IN HPC WITH SINGULARITY A QUICK REVIEW OF THE LANDSCAPE Many types of virtualization
More informationPracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam
PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : AWS-Developer Title : AWS Certified Developer - Associate Vendor : Amazon Version : DEMO Get
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationImportant DevOps Technologies (3+2+3days) for Deployment
Important DevOps Technologies (3+2+3days) for Deployment DevOps is the blending of tasks performed by a company's application development and systems operations teams. The term DevOps is being used in
More informationExploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
More informationChef Server on the AWS Cloud
Chef Server on the AWS Cloud Quick Start Reference Deployment Mike Pfeiffer December 2015 This guide is also available in HTML format at http://docs.aws.amazon.com/quickstart/latest/chef-server/. Contents
More information6 Cloud/Grid Computing
6 Cloud/Grid Computing On-line lecture: http://buchananweb.co.uk/adv/unit06.html 6.1 Objectives The key objectives of this unit are to: Provide an introduction to cluster, grid and cloud infrastructures.
More informationCreating a Multi-Container Pod
CHAPTER 13 Creating a Multi-Container Pod A Pod is the atomic unit of an application managed by Kubernetes. A Pod has a single filesystem and IP Address; the containers in the Pod share the filesystem
More informationRuss McRee Bryan Casper
Russ McRee Bryan Casper About us We re part of the security incident response team for Microsoft Online Services Security & Compliance We ask more questions than provide answers This presentation is meant
More informationInstalling Oxwall completely in Amazon Cloud
Contents Installing Oxwall completely in Amazon Cloud... 1 PART 1 Creating AWS Instance... 1 Section 1 Security Group... 1 Section 2 - A LAMP-friendly instance... 2 Section 3 - The Elastic IP... 5 PART
More informationSurrogate Dependencies (in
Surrogate Dependencies (in NodeJS) @DinisCruz London, 29th Sep 2016 Me Developer for 25 years AppSec for 13 years Day jobs: Leader OWASP O2 Platform project Application Security Training JBI Training,
More informationWell, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via
Well, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers. Michael Cherny @chernymi Sagie Dulce @SagieSec
More informationIoT Vulnerabilities. By Troy Mattessich, Raymond Fradella, and Arsh Tavi. Contribution Distribution
Security Penetration Through IoT Vulnerabilities By Troy Mattessich, Raymond Fradella, and Arsh Tavi Contribution Distribution Arsh Tavi Troy Mattessich Raymond Fradella Conducted research and compiled
More informationGrowth of Docker hub pulls
millions 6000 Growth of Docker hub pulls 5000 5000 4000 3000 2000 2000 1000 300 800 1200 0 May-15 Jun-15 Jul-15 Aug-15 Sep-15 2016 A Highly Complex Ecosystem Security challenges of container opera3ons
More informationI run a Linux server, so we re secure
Silent Signal vsza@silentsignal.hu 18 September 2010 Linux from a security viewpoint we re talking about the kernel, not GNU/Linux distributions Linux from a security viewpoint we re talking about the
More informationUsing The Hortonworks Virtual Sandbox Powered By Apache Hadoop
Using The Hortonworks Virtual Sandbox Powered By Apache Hadoop This work by Hortonworks, Inc. is licensed under a Creative Commons Attribution ShareAlike3.0 Unported License. Legal Notice Copyright 2012
More informationHow to go serverless with AWS Lambda
How to go serverless with AWS Lambda Roman Plessl, nine (AWS Partner) Zürich, AWSomeDay 12. September 2018 About myself and nine Roman Plessl Working for nine as a Solution Architect, Consultant and Leader.
More informationPuppet on the AWS Cloud
Puppet on the AWS Cloud Quick Start Reference Deployment AWS Quick Start Reference Team March 2016 This guide is also available in HTML format at http://docs.aws.amazon.com/quickstart/latest/puppet/. Contents
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationOWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13
Airlock and the OWASP TOP 10-2017 Version 2.1 11.24.2017 OWASP Top 10 A1 Injection... 3 A2 Broken Authentication... 5 A3 Sensitive Data Exposure... 6 A4 XML External Entities (XXE)... 7 A5 Broken Access
More informationRuntime Application Self-Protection (RASP) Performance Metrics
Product Analysis June 2016 Runtime Application Self-Protection (RASP) Performance Metrics Virtualization Provides Improved Security Without Increased Overhead Highly accurate. Easy to install. Simple to
More informationMANAGING MESOS, DOCKER, AND CHRONOS WITH PUPPET
Roger Ignazio PuppetConf 2015 MANAGING MESOS, DOCKER, AND CHRONOS WITH PUPPET 2015 Mesosphere, Inc. All Rights Reserved. 1 $(whoami) ABOUT ME Roger Ignazio Infrastructure Automation Engineer @ Mesosphere
More informationMidterm Presentation Schedule
Midterm Presentation Schedule October 18 th Aurora, Bash, Sangam October 20 th Flash, Omega, CodeRing October 25th Omni, Aviato, NPComplete Mid Term Presentation Format 25 minutes Be prepared to use the
More informationMCAFEE FOUNDSTONE FSL UPDATE
2017-JUL-03 FSL version 7.5.940 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary
More informationCS 642 Homework #4. Due Date: 11:59 p.m. on Tuesday, May 1, Warning!
CS 642 Homework #4 Due Date: 11:59 p.m. on Tuesday, May 1, 2007 Warning! In this assignment, you will construct and launch attacks against a vulnerable computer on the CS network. The network administrators
More informationCONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT
CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT Chief Scientist @ Container Solutions Wrote "Using Docker" for O'Reilly 40% Discount with AUTHD code Free Docker Security minibook http://www.oreilly.com/webops-perf/free/dockersecurity.csp
More informationdatapusher Documentation
datapusher Documentation Release 1.0 Open Knowledge International July 13, 2018 Contents 1 Development installation 3 2 Production installation and Setup 5 2.1 Download and Install (All CKAN Versions)...............................
More informationIntroduction to containers
Introduction to containers Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Plan Introduction Details : chroot, control groups, namespaces My first container Deploying a distributed application using containers
More informationPass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores
Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version :
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationInstalling and Using Docker Toolbox for Mac OSX and Windows
Installing and Using Docker Toolbox for Mac OSX and Windows One of the most compelling reasons to run Docker on your local machine is the speed at which you can deploy and build lab environments. As a
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationBUILDING A GPU-FOCUSED CI SOLUTION
BUILDING A GPU-FOCUSED CI SOLUTION Mike Wendt @mike_wendt github.com/nvidia github.com/mike-wendt Need for CPU CI Challenges of GPU CI Methods to Implement GPU CI AGENDA Improving GPU CI Today Demo Lessons
More informationALIENVAULT USM FOR AWS SOLUTION GUIDE
ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management
More information