Together with BOSCH we invite you to a full day of learning more about the intersection of mobility and code. Get to know more about how modern mobility is defined by an intricate interplay of hardware and software and how cars are not only connected to the road, but also to the cloud.
Coding the Future of Mobility features a variety of talks and a workshop that give you valuable insights into the world of mobility, whether you join in person or online.
"Have you ever wondered what attacking web applications looks like? How would you retrace the attacker’s steps in order to identify what has been done? In this workshop, you will have the chance to understand everything from both the attacker’s and the defender’s perspective, allowing you to actively participate in the process, breaking down the reasoning behind the decisions that will eventually lead the application to be compromised. The aftermath will be a detailed analysis through all the breadcrumbs left by the attacker, resulting in its footprint."
Antonio Mello is a Brazilian born and raised AppSec Engineer and privacy advocate, passionate about Cyber Security. In a previous life, he also worked as a software engineer for a variety of different companies across the globe. When he’s not behind the keyboard trying to come up with PoCs for new exploits, you can find him experimenting with music composition or struggling to accept skateboarding isn’t as easy as it was back when he was 16 years old.
Amine Abed is a Junior SOC Security Analyst at SoSafe, passionate about Cyber Security from a young age and a SIEM enthusiast. He has acquired good experience in penetration testing and offensive security, which gave him the necessary foundation for his role as SOC Security Analyst. He is also passionate about Python, so he enjoys automating security-related things during his free time.
In a live evocation of the recent O'Reilly title Hacking Kubernetes (Martin, Hausenblas, 2021), this ultimate guide to threat-driven Kubernetes defence threat models and details how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to attack and defend against a range of historical and current CVEs, misconfigurations, and advanced threats: See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation. Understand when to use next-generation runtimes like gVisor, Firecracker, and Kata Containers. Delve into workload identity and advanced runtime hardening. Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise. Learn to navigate the choppy waters of advanced Kubernetes security.
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience delivering containerised solutions to enterprise and government. He is CEO at https://control-plane.io
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address. Join me for a hands-on Java and cloud native live-hacking session, to show common threats, vulnerabilities, and misconfigurations. Most importantly, we'll also show how you can protect your application with actionable remediation and best practices for each exploit we demonstrate.
Agenda:
Vandana is a Security Solutions Architect at Snyk. She is a Vice-Chair of the OWASP Global Board of Directors. She leads Diversity Initiatives like InfosecGirls and WoSec. She is also the founder of InfosecKids. She has experience ranging from Application Security to Infrastructure and is now dealing with Product Security. She has been a keynote speaker, speaker, and trainer at various public events, ranging from Global OWASP AppSec events to BlackHat events to regional events like BSides events in India.
Traditional application security and more modern API security approaches often focus on writing secure code, and rightly so. But building secure APIs goes way beyond coding alone. One common example is the use of an API gateway to enforce security. In this session, we look at how to improve API security by designing a robust API architecture. We investigate security patterns and components that you can use, along with their pros and cons. You will walk away from this session with a solid understanding of best practices to secure your API architecture.
Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace. Philippe is a Google Developer Expert and an Auth0 Ambassador for his community contributions on the security of web applications and APIs.