List of videos

CyberSecurity is too general: Why we need Security Domains | Michal Davidson | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Michal_Davidson_cybersecurity_security_domains
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Contact Michal ➤ michalsaraw@gmai.com

Chapters
0:00 intro
1:43 preamble
1:56 about michal
3:00 security domains
4:33 motivation
7:52 security domains
8:50 compliance
11:08 network security
14:33 monitoring
17:05 cryptography
21:34 security architecture
24:05 hacking
26:41 summary
27:16 additional resources
28:08 thank you

Supply Chain Attacks: Focused on NPM attacks | Danish Tariq & Hassan Khan | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Danish_Tariq_Hassan_Khan_Yusufzai_supply_chain_npm_attacks
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
1:43 preamble
1:55 about danish
2:37 disclaimer
2:54 supply chain
3:50 software supply chain
4:39 supply chain attacks
4:45 examples
6:11 npm (node package manager)
9:18 maintainer email address takeover
9:54 significance of maintainer email - recently
10:53 process - attacker's perspective
11:32 defensive strategy for projects or companies
13:49 research - world-wide-how
14:53 hassan intro
15:58 research - npm packages (domains)
22:37 impact!!!
24:48 gap that could be filled
26:04 ruby gems research approach
26:56 vulnerable ruby gem
27:24 hardest part!
27:43 some fun stuff!
28:22 another tool: script to detect dependency confusion
28:31 gemscanner
29:11 solutions
31:58 any questions?
32:22 thank you!

Effortless Secrets Management in Kubernetes | Sam Gabrail | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Sam_Gabrail_secrets_management_gitops_argocd_hashicorp_vault_injector
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
TeKanAid Academy ➤ https://tekanaid.com/courses

Chapters
0:00 intro
1:43 preamble
1:58 intro to gitops with argocd
3:38 school app introduction
4:24 school app components
5:37 school app k8s output
6:04 add vault to the school app
6:52 kubernetes auth method
8:51 the vault agent sidecar injector overview
12:02 mutation effects
13:22 vault agent config to render secrets
13:55 school app annotations example
14:58 vault agent templates overview
15:35 vault agent templates workflow
16:32 vault agent templates with annotations
18:04 demo
47:23 thank you

Who Goes There? Detecting Intruders With Honeytokens | Dwayne McDaniel | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Dwayne_McDaniel_detecting_honeytokens
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
1:43 preamble
2:00 about dwayne
2:50 let's deploy something real quick
3:12 attackers want your credentials
3:54 uber breach - september 2022
4:49 astrazeneca - november 2022
5:34 circleci - january 2023
6:44 hardcoded credentials
7:11 we know how attackers behave
7:29 what attackers want
7:54 in the 2023 state of secrets sprawl
9:00 a brief history of cyber deception
17:05 what is a honeytoken?
19:26 honeytoken options
19:37 open source - the diy route
21:11 commercial options - off the shelf
23:37 honeytoken best practices
29:01 let's check on our honeytoken from earlier...
31:37 in conclusion
32:42 honeytoken options
33:24 thanks, reach out!

Detect known unknowns | Fulvio Colombrino | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Fulvio_Colombrino_detect_known_unknowns
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Contact Fulvio ➤ fulvio.colombrino@virgilio.it

Chapters
0:00 intro
1:43 preamble
2:39 about fulvio
3:09 pyramid of pain
4:14 is it necessary?
5:23 three main focus points of the pandora project
6:45 a tailored defensive solution
7:37 ttp based threat hunting
8:47 methodology workflow
12:43 baseline and its impact
15:16 threat model
16:06 testing environment
17:53 deliverables
19:05 use case
20:44 testing phase
21:05 results
22:09 what next?
23:24 thank you, questions?

Adding security for reliable continuous delivery | Jhonnatan Gil Chaves | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Jhonnatan_Gil_Chaves_security_development_continuous_delivery
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
1:43 preamble
2:08 who is jhonnatan gil?
3:09 agenda
3:40 containerized applications?
7:23 how to help on sdlc
13:26 general challenges
14:33 image vulnerabilities
16:48 misconfigurations
20:09 supply chain attacks
23:18 identity and access management (iam)
25:18 address on sdlc
27:28 demo
42:09 conclusion
43:55 brief resume
44:30 survey
44:43 thank you
45:08 references

Securing the software supply chain | Marek Najmajer & Aleksander Baranowski | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Marek_Najmajer_Aleksander_Baranowski_beyond_sbom_risk_assessment
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
1:43 preamble
2:03 agenda
2:59 marek and aleksander
3:37 risk model
5:49 fundamentals
7:15 whys and whats of software composition analysis
8:36 risks - what if we don't?
9:35 software composition analysis - risk management (scarm)
12:01 contributor profile
16:29 project activity = project dynamics
19:56 code quality
22:27 vulnerabilities (cve dynamics)
26:37 how to plug it into the software deployment pipeline?
28:57 production pipeline
30:09 devsecops by linux polska
30:48 how to make it happen? just start...
32:33 new web service platform...
34:31 streamline your security assessments
35:45 sourcemotion
35:54 thank you, contact us!

Configurations: The Weak Link in the Security Chain | Peleg Porat | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Peleg_Porat_configurations_weak_link_chain
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Configu Project ➤ https://github.com/configu/configu

Chapters
0:00 intro
1:43 preamble
2:26 who is peleg
2:51 what we will cover
4:06 software bible
5:28 common types of misconfigurations
7:01 permission issues
10:17 unencrypted files and risks
12:53 challenges in monitoring changes
15:34 the automation gap
17:50 defence
20:27 introduction to configu
21:21 managing permissions effectively
23:57 ensuring data encryption
26:14 effective monitoring techniques
27:27 embracing automation
29:12 thank you for your attention

Fortifying Your Codebase with GitHub | Travis Gosselin | Conf42 DevSecOps 2023

Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Travis_Gosselin_fortifying_codebase_github
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
More Travis ➤ https://travisgosselin.com/

Chapters
0:00 intro
1:43 preamble
2:08 about travis
2:30 what is developer experience?
3:53 coding reality
6:50 github feature releases
7:19 security & tooling
9:07 dependabot
22:03 advanced security
37:50 thank you
