The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
Thursday, January 24 • 12:00pm - 12:25pm
Lightning Talk: How to Lose a Container in 10 Minutes

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Moving to the cloud and deploying containers? In this talk I discuss both the mindset shift and tech challenges, with some common mistakes made in real-life deployments with some real life (albeit redacted) examples. We’ll also look at what happens to a container that’s been left open to the Internet for the duration of the talk.

Despite the fact that many organisations are already using/wanting to use containers and quite possibly moving to the cloud at the same time, I find that there is still an inherent lack of understanding from both devs and security teams as to how containerised applications should be designed and run. Many teams simply try to run a containerised application like it would be run on a virtual machine or in the traditional monolithic application stack, and to accompany that they use the traditional security toolset. This opens up the potential for security breaches and or simply an ineffective application that doesn't take advantage of the benefits containerised environments provide.

As I'm conscious this could be a bit of dry topic and I don't want it to sound like a lecture, my talk has many GIFs and memes and real life examples (they are redacted as I can't name where I saw some of these, unfortunately). More seriously though, it includes relevant stories and was developed with input from my real-life experiences and some stories from other engineers and security professionals. I will spin up a container in WebGo and leave it open to the Internet for the talk, and see what happens to it during the course of the talk.

avatar for Sarah Young

Sarah Young

Azure Security Architect, Microsoft
Sarah is an Azure Security Architect working for Microsoft. Allegedly she lives in Melbourne but is more likely to be found in airport lounges across Asia. Sarah loves cloud, Kubernetes and container security and spends most of her time telling people how to do it better and generally... Read More →

Thursday January 24, 2019 12:00pm - 12:25pm
Sand and Sea Room