List of videos

Securing the endpoint with open software | Zach Wasserman | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Zach_Wasserman_securing_endpoint_open_software
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Chapters
0:00 intro
1:43 preamble
2:12 about zach
2:38 what is an endpoint?
3:35 osquery
4:44 select * from users;
6:57 select * from processes
7:38 about fleet
9:54 demo
15:27 deployment
16:43 architecture
17:39 osquery deployment
18:43 thank you!
Infrastructure as Code Security Best Practices & Strats | Joshua Arvin Lat | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Joshua_Arvin_Lat_iac_security_best_practices
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Chapters
0:00 intro
1:43 preamble
1:54 about joshua
2:31 let's begin
6:22 tag resources properly
7:05 avoid insecure defaults and regularly check for announcements in cloud platforms
8:51 secret management & permission management
10:17 why?
12:43 track and manage changes using version control tools
15:05 use pipelines to analyze security vulnerabilities automatically
15:30 be careful when managing resources with iac in pipelines!
16:40 poisoned pipeline execution
17:10 protect specific resources from accidental deletion or modification
18:02 the end
DevOpsSup - Extended DevOps approach | Grzegorz Sztandera | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Grzegorz_Sztandera_devopssup_extended_devops_one_team
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Chapters
0:00 intro
1:43 preamble
2:12 lodz city
2:25 who is grzegorz
3:15 pipeline
4:01 devopssup - plug-in approach operations team
8:31 - building
14:07 - overview
19:44 - management
24:18 - future
25:07 - projects
26:46 - statistics
28:55 service event assistant
30:08 flight components
30:49 assistance drug tests
31:49 takeaways
34:45 in case of issues...
35:24 thank you
Iterative Threat Modelling: Security in Agile Development | Jagdsh Chand | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Jagdsh_Chand_iterative_threat_modelling_agile_development
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Chapters
0:00 intro
1:43 about jags
2:25 expectations
2:55 threat modelling
3:49 misconceptions about tm
5:18 agile threat modelling
8:11 owasp juice shop
9:26 before starting...
11:05 example: security objective
12:12 what do we want to accomplish? - scoping
13:10 example: scoping
13:44 what are we building? software-centric approach
14:44 example: data flow diagram
15:45 what can go wrong? - evil brainstorming
16:42 methodology. No 'best' way
17:23 spoofed identity
19:50 tampering with input
20:47 repudiation of action
21:33 information disclosure
22:53 denial of service
23:23 elevation of privilege
24:09 example: applying stride
25:07 what are we going to do about it? - prioritize
26:26 example: prioritize
28:45 mitigation
29:51 example: mitigation
30:41 did we do a good job? - reflect...
31:50 iterative threat modelling ...and repeat
33:44 ways of running the workshop
34:39 learn more
35:26 threat modelling in software development lifecycle
36:34 what was the mnemonic again?!?!
36:44 takeaways
Your trusty Python package: TTPs of attacks on OSS in Python | Leonid Akinin | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Leonid_Akinin_trusty_package_ttps_oss_python
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Chapters
0:00 intro
1:43 preamble
2:04 disclaimer
2:28 contents
3:01 why is this topic important?
5:09 history of supply-chain attacks
8:15 ttps in supply-chain attacks
15:46 starjacking demo
33:08 installation & delivery
35:55 - demo
46:14 exfiltration and c2
47:26 - demo
1:01:16 defences
1:11:42 credits and references
1:12:48 thank you!
MetricCA: Revolutionizing Metrics Collection & Analysis | Timo Pagel | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Timo_Pagel_metricca_software_metrics_collection_analysis
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Contact Timo ➤ timo.pagel@owasp.org
Chapters
0:00 intro
1:43 who is timo
2:02 agenda
2:15 devsecops maturity models
3:26 devsecops assessment
4:33 sources
5:17 metric collector and analyzer (metricca)
7:52 manual overview
8:44 threshold flow
9:51 architecture
10:12 uml
11:03 yaml
11:35 configuration.yaml
11:58 activities.yaml
12:05 analyzer task: schema creation
12:19 silverbullet? people and processes
12:55 notes
13:27 questions?
Premiere - Conf42 Enterprise Software 2021
⚪ This time Conf42 gravitates around JVM, Hacking, Mutations, Event-Driven Architectures and more!
Whole lineup: https://www.conf42.com/enterprise2021
Conf42 Discord 🧑🤝🧑💬 https://discord.com/invite/dT6ZsFJ5ZM
—
0:00 Intro
0:14 Sponsored Segment
3:14 Preamble
✨ Featured talk
3:40 - Liran Haimovitch
⚒️ Testing Track
4:11 Brian Vermeer
4:33 Catalin Tudose
4:58 Frank Kriegl
5:37 Igor Braga
6:09 Rafal Leszko
🤿 Deep Dive Track
6:31 Grace Jansen
6:56 Bogdan Sucaciu
7:24 Dmitry Vinnik
8:04 Ranjan Mohan & Silvia Siu Luo
8:32 Jonathan Meek
8:53 Mark Hendriks
9:18 Naresha K
10:03 Phillip Kruger
10:22 Rob Hedgpeth
10:53 Yehonathan Sharvit
📝 Lessons Learned Track
11:23 Mappuji Abdurrachman
11:57 Denys Makogon
12:27 Nicolas Frankel
12:48 Tom Granot
13:20 Victor Rentea
14:02 Thanks! Next Conf42Cast episode
—
🥇 Gold Sponsor: Rookout
🥈 Silver Sponsors: IBM, Hazelcast, Kulkul Technology, Microsoft, Lightrun, Ordina, Red Hat, Snyk
🤝 Media Partners: AWS, [ Inside Dev ], Manning
—
Website 🚀🪐 https://www.conf42.com
Reach out 📧📭 mark@conf42.com
Conf42 Discord 🧑🤝🧑💬 https://discord.com/invite/dT6ZsFJ5ZM
LinkedIn 👨💼💼 https://www.linkedin.com/company/49110720/
Twitter 🎵🐦 https://twitter.com/conf42com
Conf42Cast @ Spotify 🎧 https://tinyurl.com/bnyj6a8y
Why you’re getting understandability wrong | Liran Haimovitch | Conf42 Enterprise Software 2021
Liran Haimovitch, CTO @ Rookout
Understandability is the most important concept in software that most companies today aren't tracking. Systems should be built and presented in ways that make it easy for engineers to comprehend them; the more understandable a system is, the easier it will be for engineers to change it in a predictable and safe manner. But with the rise of complex systems, it has become all too common that we no longer understand our own code once we deploy it. As a result of increasing system complexity, developers are spending too much time firefighting and fixing bugs. In recent surveys, most devs say they spend at least a day per week troubleshooting issues with their code (sometimes it can be a couple of days, up to a full week, trying to fix an elusive bug). This is hurting developer productivity and business results. It also creates a tough choice between flying slow or flying blind; as developers, we are too often making decisions without data in order to maintain velocity.
—
0:00 Intro
0:26 Talk
Live hacking: Breaking into your Java web app | Brian Vermeer | Conf42 Enterprise Software 2021
Brian Vermeer, Developer Advocate @ Snyk
In this session, we will demonstrate how common vulnerabilities in the Java ecosystem are exploited on a daily basis by live hacking real-world application libraries. All the examples used are commonly known exploits, some more famous than others, such as the Apache Struts and Spring Break remote code execution vulnerabilities. By exploiting them and showing you how you can be attacked, before showing you how to protect yourself, you will gain a better understanding of why and how security focus and DevSecOps are essential for every developer.
—
0:00 Intro
0:26 Talk