Important notice about SecAppDev 2020

Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.

We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.

SecAppDev 2020 Lecture Details

The hitchhikers guide to secrets for cloud environments

Abhay Bhargav
Friday March 13, 11:00 - 12:30
Short description

From API Keys to encryption keys, the number of secrets an average app requires is increasing. The talk will focus on secrets management for Kubernetes, AWS and Azure environments with some gotchas and implementation nuances

Abstract

Secrets are ubiquitous. From API Keys to encryption keys, the number of secrets an average app requires for its ops, especially in the cloud, is increasing Unfortunately, developers and practitioners are unaware of secrets management, resulting in some very serious vulnerabilities.

In this talk, we discuss how to handle secrets the right way. Concretely, we look at vault-based secrets management for Kubernetes, AWS and Azure environments. Not only do we cover best practices, we also investigate gotchas and implementation nuances across platforms.

Key takeaway

How to handle encryption and secrets in Kubernetes environments, on Azure and on AWS.

Content level

Introductory

Target audience

Developers, application security professionals, cloud professionals

Prerequisites

Basic knowledge of cloud platforms and encryption techniques


SecAppDev is the most immersive application security course you have ever seen

Book your seat now

Abhay Bhargav

Abhay Bhargav

CEO, we45

Abhay Bhargav is the Founder of we45, a focused Application Security Company. He is the Chief Architect of ÔÇťOrchestron"", a leading Application Vulnerability Correlation and Orchestration Framework. Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA 2019, SHACK and so on.

Full speaker profile


Related devops security sessions

Trust Management in SCONE

Lecture by Christof Fetzer

This session presents SCONE, a platform that uses Trusted Execution Environments (TEEs) to enable the delegation of operations to an untrusted provider while guaranteeing data confidentiality.

DevOps Security Friday March 13, 14:00 - 15:30

A practical view of security toolchains in DevSecOps

Lecture by Abhay Bhargav

You wanted to know about DevSecOps Pipelines, but didnt know whom to ask? This anecdotal, demo-filled talk delves into DevSecOps with strategies for tool orchestration, vulnerability management and more. Best yet, you can do all this for $0

DevOps Security Wednesday March 11, 16:00 - 17:30

Lessons from the Node.js ecosystem bug bounty

Lecture by Marcin Hoppe

The Node.js ecosystem bug bounty program allows us to dive deep into the most prevalent JavaScript vulnerabilities, take a look at the state of open source security research, and learn about responsible disclosure at scale.

DevOps Security Friday March 13, 14:00 - 15:30