Are You Deploying and Operating with Security in Mind?

Explore the critical aspects of deploying and operating with security in mind in this 48-minute Devoxx conference talk. Delve into the current threat landscape, focusing on container technology and Java applications, and learn effective strategies to mitigate risks. Gain insights into the impact of security throughout the software creation and delivery lifecycle, understand how container technology alters security requirements, and discover important open-source tools for code scanning and dependency verification. Learn when to implement these tools and follow guidelines for secure software development. Examine topics such as container runtime security, privileges and capabilities, metadata labeling, and security testing in build pipelines. Understand the importance of addressing non-functional requirements and the concept of delaying them to the 'Last Responsible Moment'.

Intro
Containers: Expectations versus reality
Cybercrime is the most profitable type of crime
This is a major vulnerability
Apache struts 2 - the Equifax affair
Container technology 101
Container runtime security 101
Laying the (runtime) foundations
Privileges and Capabilities
Metadata - Adding Labels at build time
Metadata - Adding Labels at runtime
External registry with metadata support
Testing security in the build pipeline
Security Visibility: Basic (Java) Code Scanning
Dependency Scanning
Static Image Scanning
Delaying NFRs to the 'Last Responsible Moment'