This presentation was recorded at GOTO Chicago 2020. #GOTOcon #GOTOchgo
Yashvier Kosaraju - Product Security Expert at Twilio Inc.
Deploying containers using Kubernetes has become the new defacto deployment standard most companies are turning towards. Developing with containers is very different from traditional development practices and so is securing these containers & deployments. Traditional approaches of security do not scale well with the high paced container world. Automation and CI-CD integrations are more effective ways of keeping your containers secure without slowing your development practices.
In this talk we will look at different security checks you can place at various points within your SDLC [...]
01:41 What does practical security mean?
02:29 Why do traditional approaches not work?
03:20 Container pipeline
04:20 Securing container pipeline
04:43 Base image security
07:35 Container registry security
10:33 Vulnerability scanning
13:21 Docker Daemon security
14:05 Docker runtime security
14:34 Docker CIS benchmark
15:03 Kubernetes CIS benchmark
15:12 Logging & alterting
15:43 Realtime alerting in containers
15:58 Issues at scale
17:22 Helpful resources
Download slides and read the full abstract here:
#Containers #Security #Backend #Programming #SoftwareArchitecture #k8s #Kubernetes #SDLC
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at http://gotocon.com
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.