AppSec California 2019

Moving to the cloud and deploying containers? In this talk I discuss both the mindset shift and tech challenges, with some common mistakes made in real-life deployments with some real life (albeit redacted) examples. We’ll also look at what happens to a container that’s been left open to the Internet for the duration of the talk.

Despite the fact that many organisations are already using/wanting to use containers and quite possibly moving to the cloud at the same time, I find that there is still an inherent lack of understanding from both devs and security teams as to how containerised applications should be designed and run. Many teams simply try to run a containerised application like it would be run on a virtual machine or in the traditional monolithic application stack, and to accompany that they use the traditional security toolset. This opens up the potential for security breaches and or simply an ineffective application that doesn't take advantage of the benefits containerised environments provide.

As I'm conscious this could be a bit of dry topic and I don't want it to sound like a lecture, my talk has many GIFs and memes and real life examples (they are redacted as I can't name where I saw some of these, unfortunately). More seriously though, it includes relevant stories and was developed with input from my real-life experiences and some stories from other engineers and security professionals. I will spin up a container in WebGo and leave it open to the Internet for the talk, and see what happens to it during the course of the talk.