YoVDO

DevSecOps by Default: Lessons from Log4Shell - What We Have, Can, and Must Learn

Offered By: Confreaks via YouTube

Tags

DevSecOps Courses, Risk Analysis Courses, Application Security Courses, Software Supply Chain Security Courses, Log4Shell Courses, Keptn Courses, Falco Courses

Course Description

Overview

Explore the impact of Log4Shell on DevSecOps practices and learn strategies to strengthen software supply chain security in this DevOpsDays Boston 2022 conference talk. Delve into real-world stories from DevSecOps teams on the frontlines during the Log4Shell incident, examining application security approaches and tools for detecting vulnerabilities during delivery and production. Discover how open-source projects like Falco and Keptn can help enforce a "Secure by Default" policy. Gain insights into vulnerability detection, instrumentation, risk analysis, and continuous security scanning. Understand the importance of automating security processes through tooling and explore the role of Keptn in enhancing DevSecOps workflows.

Syllabus

Introduction
Alarm went off
Why is this important
Security is a hard job
Agenda
Quick recap
Timeline
Log4J
InsecureBank
Log4Shell
Vulnerability detection
Instrumentation
Risk Analysis
Summary
Continuous Security Scanning
Automate through tooling
What does Keptn do
Keptn overview
The big picture
Wrap up


Taught by

Confreaks
