(A talk given at PIPELINE Conference – March 2017 – Insecure Containers – Continuous Defence Against Open Source Exploits – https://pipelineconf.info/2017-event/speakers/)
“How can we secure ourselves against unknown vulnerabilities in the Internet’s most widely used applications and libraries? To understand this better we must understand how vulnerabilities are introduced and their impact on the systems they exploit.
This talk examines the anatomy of major vulnerabilities, demonstrates their applicability to containerised applications, and explores remediation with container native security tooling throughout the pipeline.
At the end of this session attendees will understand how to escape the constraints of a container, introduce or expand Continuous Security throughout their pipelines, and proactively identify signs of a breach across their infrastructure.”
Andrew is a DevOps Lead for the UK Government with a strong test-first engineering background gained developing and deploying high volume web applications. Proficient in application development and Unix systems architecture and maintenance, he is comfortable profiling and securing every tier of a bare metal or virtualized web stack, and has battle-hardened experience delivering containerised solutions to enterprise clients.