Best practices in Cloud Development!

Arcady is pleased to host this meetup, focusing on the best practices in Cloud Development! Join us for a fun evening of knowledge sharing, socializing and of course… bitterballs!

Event Schedule
18:30 - Doors open
18:55 - Introduction
19:00 - Talk 1: Jan de Vries | Going PaaSwordless in Azure
19:45 - Talk 2: Barbara Forbes | Infrastructure as Code: Better safe than sorry
20:30 – Break
20:45 - Talk 3: Joost Pol | Hacker Mindset - Cloud Edition
21:30 - Beer, bitterballs and socializing until the bar is closed

Talk 1: Jan de Vries | Going PaaSwordless in Azure
Making your accounts passwordless is the latest transition to get rid of insecure accounts. A great shift, but how does this work during application development? Within Azure, it's also possible to get rid of most, if not all, of your passwords, keys, etc. By only working with Managed Identities to access resources you can get rid of all those secrets in Key Vault or your application configuration.

In this session, Jan will show you how to use these features in Azure Functions and also regular App Services. You can even use managed identities to access your own, or external, API's which will also be covered. After this session, you'll have enough knowledge on how to set up your App Service, Azure Functions, Storage Accounts, SQL Azure, and other services to make sure your PaaS environment is passwordless, just like your user accounts.

About Jan de Vries
Jan de Vries has been designing & developing software solutions for quite a while now. In the past decade, most of his solutions are delivered within the Microsoft Azure ecosystem. During this time, he's been collaborating a lot with multiple customers & development teams and empowering them to implement the best possible solutions. Every project comes with its challenges, but having an agile mindset helps deliver simple solutions for complex problems. By having a broad, hands-on, experience on multiple projects he was able to guide decisions based on his experience and make sure the customer sets itself up for success. All to make sure the result matches with their vision for the future.

Talk 2: Barbara Forbes | Infrastructure as Code: Better safe than sorry
With infrastructure as code, you can deploy resources to Azure with just a few lines of code. It's easy to start, just click "export template", copy PowerShell code from the documentation or use the VSCode extensions for ARM templates or Bicep. What could possible go wrong?

With great power comes great responsibility. How do we make sure the code, the Azure resources and the team running it are all safe? In this talk, we will look at different ways to test Bicep and ARM templates before they are deployed through CICD pipelines. After that, let's not forget about the team processes to protect the environment and ourselves. In the end you will have some practical guidance to ensure your code is secure, risks are mitigated and you can work together to manage your Azure environment.

About Barbara Forbes
Barbara works as the Azure technical lead for OGD in the Netherlands. She is a Microsoft MVP Azure, MCT and GitHub Star. Her focus is on Azure and automation. Think Serverless, Azure DevOps, PowerShell, GitHub and Infrastructure as Code. She loves teaching in an approachable way. She regularly writes posts for her blog and speaks at conferences and user groups. She helps grow the community as co-owner of the Dutch DevOps & GitHub community (DDOG), as well as co-hosting the Dutch PowerShell User Group (DUPSUG).

Talk 3: Joost Pol | Hacker Mindset - Cloud Edition
How secure is your cloud deployment? What happens when one of your frontend servers is compromised? How easy is it to break out of a docker
container? What is ARP spoofing and what does it have to do with GKE?
Why are SSRF vulnerabilities twice as fun in the cloud?

The special "cloud" edition of the Certified Secure Hacker Mindset
presentation answers these questions. During this highly interactive and
technical presentation Joost will show-case multiple vulnerabilities
using fun and realistic examples.

About Joost Pol
Joost Pol (1979) has more than 20 years of experience in digital
security. Starting out as a Penetration Tester and Software Auditor.
Recognizing the need for practical hands-on security training and
certification he co-founded Certified Secure in 2007. Joost Pol is currently the CEO at Certified Secure and is internationally recognized for his expertise in IT security. In 2012 he was the winner of the Pwn2Own competition, successfully compromising the iPhone. In 2015 a critical vulnerability in PolarSSL was disclosed by Pol, affecting the popular OpenVPN-NL software used by the dutch government.

Hosted by Arcady. Follow us on LinkedIn, Twitter and the Web!