Qpercom Blog

DevSecCon: Security is for Everyone

Written by Sergio Franco | 29-Nov-2018 16:11:29

Following our yearly tradition of sneaking out of the office for some quality, first-hand extra knowledge on the latest technology updates, we decided to focus on security this year. In line with the spirit brought upon us by GDPR, we chose DevSecCon. DevSecCon is the intersection of security and the Holy Grail that we have been trying to achieve for so long: a DevOps pipeline.

 


The conference took place in CodeNode in London, only a few minutes away by tube from our accommodation in Bethnal Green, which proved just a little bit longer in rush hour ¯\_(ツ)_/¯


Among the many interesting talks, the most insightful for us was Security in the Serverless World, by Yan Cui. This focused on the security concerns for applications running in the cloud, and more specifically on AWS, which is our main provider for cloud infrastructure.


On day 2 of the conference, David Cunningham (Qpercom COO) broke away from the talk-going quartet to attend the Attacking & Auditing Docker Containers workshop hosted by Madhu Akula. Madhu is an automation security Ninja from Appsecco, a company that provides practical security advice for DevOps teams.

 

 

Madhu gave a hands-on demonstration of the security flaws in dockerization technologies. These can be just as vulnerable as the applications that are deployed on them, yet they receive the least attention from DevOps and Software Development teams. In the workshop, he used real-world scenarios where attackers had compromised containers to gain access to the host machines, hosted applications and databases.


After two intense days of conference, we took off back to Ireland with a lot of enriching new knowledge to assimilate and put into practice in our everyday work.