Facebook Twitter LinkedIn


Combined Session
Wednesday, May 10, 2023 14:30—15:30
Location: A 03-04

Cloud-Powered Technologies and Strategies for Secured DevOps Environments

As organizations shift to agile development methodologies and the use of cloud-based platforms, they have the opportunity to leverage the cloud to improve their security practices. By adopting a DevSecOps approach, organizations can integrate security into the development lifecycle and take advantage of the scalability, flexibility, and automation capabilities of the cloud.

In this session, We will explore the benefits of leveraging the cloud for security in DevOps, and discuss the key principles of DevSecOps architecture, including collaboration, automation, and continuous integration and delivery. We will also examine the role of security tools and technologies, such as static code analysis, dynamic testing, and vulnerability management, in the DevSecOps process, and discuss how these tools can be effectively deployed in a cloud environment.

In addition, I will provide practical guidance and strategies on how organizations can implement the latest DevSecOps strategies in their cloud environments. This will include a discussion of best practices for integrating security into the development process, such as setting up security gates, implementing security testing early in the development process, and automating security checks.

Overall, this session will highlight the benefits of leveraging the cloud for improved security in DevOps, and provide practical guidance with the latest cloud technologies on how to implement DevSecOps effectively in a cloud environment.

Fouad Mulla
Fouad Mulla
Fouad is Cloud Security Lead Consultant in Devoteam with over 10 years of professional experience in the digital and software industry at global corporations, Fouad helped many businesses to govern...

Hack a Cloud and Kubernetes

People are under the impression that when you spin up the latest and greatest AKS, EKS, OpenShift or GKE instance, that you're secure. However with K8S, now more than ever the workload underneath matters. One privileged, neglected, container can compromise an entire setup. Rather than just talking about the risks or best practices, this talk is all about showing how easy it is to do.

The talk will first discuss possible attack paths in the Kubernetes cluster, and what differences exist in the attack techniques compared to classic infrastructures. For this purpose, a web application in a container will be compromised, then the Kubernetes cluster and the cloud account. Subsequently, 2 open-source tools will be discussed how such vulnerabilities and misconfigurations can be detected in the different infrastructure layers.

Patrick Münch
Patrick Münch
Patrick knows Security inside out. He is incredibly skilled at protecting and hacking every system he gets his hands on. His passion is hacking hardware and software as well as securing...

Automated Serverless Security Testing: Delivering Secure Apps Continuously

Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster.

How can developers ensure that their code is secure enough? They can scan for common vulnerabilities and exposures (CVEs) in open-source code. They can even scan their Infrastructure-as-Code (IaC) tool to identify insecure configurations. But what about custom code? At many organizations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interfaces (API) calls. As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times.

Fortunately, it does not have to be this way. Organizations can leverage robust security during serverless development, automatically—if it is done properly. In this talk, we will discuss common risks in serverless environments. We will then cover existing testing methodologies and why they do not work well for serverless. Finally, we will present a new, completely frictionles

Tal Melamed
Tal Melamed
Contrast Security
With more than 15 years' experience in Application and Serverless Security, Tal recently co-founded CloudEssence, a cloud-native Application Security company that was acquired by Contrast Security...


On-Demand Access
Re-live EIC 2023
Watch 200 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address