Cloud Native Security Landscape & Credential Leaks

In this meetup there will be two in-depth sessions related to cloud-native security.

Session #1: Cloud-Native Security Landscape + Runtime Security

Confused by the many acronyms in cloud-native security? Terms like CSPM, KSPM, CIEM, and CWPP can make it hard to stay focused and productive.

This talk clarifies these acronyms by explaining their meanings, connecting them to the increased attack surface, and discussing the related areas to protect. The talk explores the various acronyms and presents interesting research data. Finally, this presentation explains runtime security, demonstrating a Log4Shell attack and explaining how to detect and counter it.

By the end of the talk, attendees will have a comprehensive understanding of the cloud-native security landscape (including key acronyms) and be equipped with the knowledge to implement a strong security practice.

Session #2: Taking care of security during the development process

In this session, we would like to talk about the importance of security during development as well, regarding code that is developed and synced in git repositories. For this, we would like to present some Github security features, specifically Code Scanning, which is able to identify vulnerability and code errors.

Session #3: Capture the flag and get the cookie

After this part we will dive into what to do when credential leakage does happen, ending with an interactive part where we challenge you to find the credentials in the repo. The first one to do it gets a cookie :-)

The exact program:

• 17:30-18:00 | Welcome & pizza

• 18:00-18:30 | Session: Cloud-Native Security Landscape + Runtime Security

• 18:30-19:00 | Session: Taking care of security during the development process

• 19:00-19:05 | Short break

• 19:05-19:35 | Hands-on session: Catch the flag and get the goodies

• 19:35-20:00 | Aftertalk & Drinks