From Zero to Secure Continuous Delivery in 60 Minutes

Presented at TROOPERS18 (2018), March 14, 2018, 10:30 a.m. (Unknown duration).

Containers, DevOps, Continous Delivery, and Microservices are common terms in today's corporate landscapes. In this presentation, we will start from scratch and build a complete continuous delivery pipeline until the end of our sixty minutes. In the progress, we will discuss principles such as infrastructure-as-code, platform-as-code, and container orchestration and how they need to be interweaved to make the most out of the concepts and reach true continuity. One of the resulting benefits can be security work that is truely weaved into the deployment pipeline. Complementing the functional aspects, we will cover the questions how security considerations can be integrated into a certain component or feature and whether a component, concept, or feature raises security issues. Key security areas will be common platform features (such as logging, monitoring, or secret management), container isolation capabilities, and operational security governance challenges. The final demo of the complete pipeline will then be understood by the audience and covered from both a functional and a security perspective (even though some challenges will remain open).


Presenters:

  • Florian Barth
    Florian Barth is founder and CTO of Stocard - THE Mobile Wallet App. He is responsible for evolving and managing Stocard's docker-backed, cloud-hosted microservices-swarm while staying up to date in security, mobile development, and many other tech topics.
  • Matthias Luft
    Matthias Luft is a security researcher and heads the German security company ERNW. He is interested in a broad range of topics (from hypervisor security to IT security management) and has presented on them on various occasions while keeping up with the daily consulting and assessment work.

Links:

Similar Presentations: