Explore the critical issue of cloud native supply chain security in this 46-minute DevSecCon talk. Delve into the complexities of trusting production code, examining potential vulnerabilities in system supply chains that motivated attackers can exploit. Analyze the limitations of hardened runtimes and detection methods in preventing zero-day attacks, and understand the challenges posed by malicious internal threat actors and software implants. Investigate various signing options available for supply chain security, and evaluate their effectiveness in addressing key concerns. Gain valuable insights into protecting cloud native environments from potential security breaches and enhancing overall system integrity.
Insecure Execution: Attacking the Cloud Native Supply Chain
Overview
Syllabus
Insecure Execution: Attacking the Cloud Native Supply Chain with Andrew Martin
Taught by
DevSecCon
Related Courses
-
Untrusted Execution - Attacking the Cloud Native Supply Chain
-
Kubernetes Security: Implementing Supply Chain Security
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
-
Safeguarding Cloud Native Supply Chain - Notary Project Overview and New Features
-
4 CI Security Best Practices to Prevent Cloud-Native Supply Chain Attacks
-
Cloud Native Supply Chain Security with Tekton and Sigstore
