OWASP Meetup Feb 2020

Details

I am pleased to have another Docker image security workshop to make sure everyone can make it this time.

Note it is hands-on workshop with limited seats for better attention, we have more coming, please register if you are interested.

Agenda:
17:30 - 18:00: Gathering and Networking

18:00 - 18:30: Barak Schoster
Embedding security into your Terraform code
Incorporating infrastructure-as-code into software development is helping cloud security practitioners to prevent bad configurations upstream, without inflating development backlogs. In this session, we cover a simple method to write, test, and maintain infrastructure-as-code at scale using policy-as-code. We will go over open source projects to analyze your Terraform code and AWS environment and compare the two approaches (runtime vs static analysis)

Barak Schoster, CTO & Co-founder at Bridgecrew, Author of checkov.io

18:30 - 20:00: Liran Tal
Docker image security best practices workshop:
1. Learn how to find and fix vulnerabilities in docker images
2. Learn how to detect bad defaults and bad configurations in docker images using automated tools
3. Learn how to use deterministic and trusted docker images

Liran Tal, Senior Developer Advocate at Snyk & Node.js Foundation Security Working Group

Please that the next workshop will be for OWASP members
https://wiki.owasp.org/index.php/Membership

Ori