We would like to invite you to our next Security Meetup!
Talk language: English
On-site event only @ Floragasse 7, 1040 Vienna (5. floor)
Talk: Security in Agile Development
Vulnerabilities in web applications have served as the number one gateway for cyber attacks since the beginning of the world wide web – and they still do to this day. Especially in agile development, where organizations pursue quick adaptations and short release cycles, the challenge of ensuring security in the resulting products is greater than ever.
In this talk we will take a look at the most important security best practices, including the usage of modern AI, and discuss approaches to include those into today’s agile development processes.
Talk: Turning Container security up to 11 with Capabilities
Container technologies, as popularized first by Docker, already offer a lot of security benefits out of the box the developers and DevOps professionals have come to rely upon. While this has proven to be valuable for increasing the security of many application deployments, it still leaves some room for improvement. Firstly, a lack of deep understanding what protections Docker is offering out of the box can be observed commonly, leading to a dangerous overreliance on the container engine. Secondly, the attack surface of your application can be significantly reduced by leveraging the capabilities functionality of the Linux kernel. Using it, one can greatly reduce the system function a running container has access to, thus limiting the exploitation consequences of a vulnerability in an application.
This talk explains the possibilities of limiting capabilities in a container runtime.
Agenda
17:55: Gathering
18:15: Talk – Security in Agile Development by Daniel Schwarz (condignum)
19:00: Q&A
19:10: Talk – Turning Container security up to 11 with Capabilities by Mathias Tausig (SBA Research)
19:50: Q&A
20:00: Drinks & Get together
Looking forward to seeing you there!
Speakers
Daniel Schwarz (Senior Security Architect at condignum)
Mathias Tausig (Information security consultant at SBA Research)
About the Speakers
Daniel Schwarz is a Senior Security Architect at condignum GmbH in Vienna. After graduating from the St. Pölten University of Applied Sciences in the field of IT and information security, he started his career as a penetration tester and over the last decade has increasingly focused on the topics of secure software development, secure design, threat modeling and security requirements engineering as a security consultant. In his role at condignum GmbH, he is currently working on the question of how exactly these topics can be implemented efficiently and appropriately for organizations of all sizes.
Mathias Tausig received a master’s degree (DI/MSc) in Technical Mathematics from the TU Wien. His professional experience includes a tenure as a Security Officer for a Certification Authority and lecturing IT-Security at the University of Applied Sciences Campus Wien as well as software development and system administration. This allows him to get a holistic view on many IT security related problems.
Registration
Please register via our Meetup site.