Explore the interconnected risks of vulnerabilities and misconfigurations in cloud-native environments during this 46-minute Linux Foundation webinar. Delve into the evolving attack surface created by DevOps and cloud-native technologies, examining how open-source packages, infrastructure as code, container images, and delivery pipelines form complex interdependencies. Learn about software supply chain attacks that leverage infrastructure misconfigurations and known vulnerabilities, using the Log4j flaw as a case study. Gain insights into the necessity of a proactive, defense-in-depth approach to cloud-native security and discover strategies for comprehensive protection across entire cloud-native application stacks, from code to cloud and application to infrastructure. Topics covered include open source challenges, vulnerability databases, software composition analysis, sources of vulnerabilities, and practical examples to illustrate key concepts.
Vulnerabilities and Misconfigurations in Cloud-Native Security - Two Sides of the Same Risk Coin
Overview
Syllabus
Introduction
Open Source Challenges
Why Open Source
Vulnerability Databases
Open Source Licenses
Early Detection
Software Composition Analysis
Context
Culture
Safety Security
Checkouts Gun
Log4J Example
Sources of Vulnerabilities
Checkoff
Summary
Taught by
Linux Foundation
Tags
Related Courses
-
Stranger Danger - Your Java Attack Surface Just Got Bigger
-
Stranger Danger - Your JavaScript Attack Surface Just Got Bigger
-
Mapping the Minefield of Open Source Software Risks - DevOps 2024
-
Trivy: The All-in-One Open Source Security Scanner
-
Hacking the Cloud Native Renaissance - Lowering Risk of Kubernetes Adoption
-
Cloud developer
