All aboard the fail whale!

Presented at THOTCON 0x9 (2018), May 4, 2018, 6 p.m. (50 minutes).

Docker and its containerization tools have been extremely popular in the DevOps scene for the past few years. These tools can reduce friction when moving applications from development to production, but can also open up a multitude of vulnerabilities. I will go into depth on a few of these issues and show how they are being exploited in the wild. Some of the tools covered in this talk will include Docker, Apache Mesos, Marathon, and Docker Registries. For the offensive team, working tools and examples will be demonstrated on how to exploit these systems and vulnerabilities. Not to leave out the trusty developers, sys admins, and everyone in-between, I'll also go over what actions you need to take to keep your team out of trouble and how to scan for breaches.


Presenters:

  • Erin Willingham
    Erin Willingham is a Lead Platform Engineer for the Salesforce DMP with over 10 years of experience focusing on DevOps and Security.

Similar Presentations: