Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling
34 min

Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Christie Wilson Priya Wadhwa
kubernetes slsa supply-chain-security threat-modeling ci-cd tekton spire sigstore container-security security-frameworks
Hacking and Defending Kubernetes Clusters: We'll Do It LIVE!!
34 min

Hacking and Defending Kubernetes Clusters: We'll Do It LIVE!!

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Fabian Kammel James Cleverley-Prance
kubernetes security cloud-native container-security threat-modeling rbac privilege-escalation container-registry ci-cd attack-vectors network-segmentation data-security
A Look Under the Hood of CNCF Security Audits
31 min

A Look Under the Hood of CNCF Security Audits

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Adam Korczynski David Korczynski
cncf security-audits cloud-native open-source-security threat-modeling vulnerability-management cve salsa-compliance supply-chain-security argo cilium flux
What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust
33 min

What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
James Callaghan Richard Featherstone
zero-trust threat-modeling cloud-native kubernetes istio service-mesh workload-identity authorization opa security distributed-systems
Staring Into the Abyss with the Security Technical Advisory Group
25 min

Staring Into the Abyss with the Security Technical Advisory Group

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Michael Lieberman Marina Moore
cncf cloud-native security supply-chain-security threat-modeling security-assessments zero-trust kubernetes open-source-security security-controls architecture design-patterns
Interactive Playground to Learn Kubernetes and Cloud Native Security
37 min

Interactive Playground to Learn Kubernetes and Cloud Native Security

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Madhu Akula
kubernetes cloud-native-security kubernetes-security container-security vulnerability-assessment attack-vectors security-testing devops-security cyber-kill-chain threat-modeling container-escape
Cluster Grey Zone: Risks in Managed Cluster Middleware
30 min

Cluster Grey Zone: Risks in Managed Cluster Middleware

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Shay Berkovich Barak Sharoni
kubernetes cloud-security managed-kubernetes eks gke aks cluster-middleware attack-surface privilege-escalation container-security threat-modeling fluent-bit node-problem-detector
Nurturing Security Permaculture: Kubernetes SIG Security Update
31 min

Nurturing Security Permaculture: Kubernetes SIG Security Update

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Tabitha Sable Mahé Tardy Savitha Raghunathan Ala Dewberry
kubernetes security sig-security cloud-native community auditing threat-modeling documentation tooling self-assessment cve-feed cve-scanner
Canals and Bridges: Using Amsterdam’s Transit System To Secure K8s Networks
34 min

Canals and Bridges: Using Amsterdam’s Transit System To Secure K8s Networks

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Cailyn Edwards
kubernetes k8s networking security network-policies ebpf threat-modeling observability firewall cni cilium inspector-gadget
Securing the Unseen: Advanced Threats, Best Practices & Challenges in Mobile App Security
22 min

Securing the Unseen: Advanced Threats, Best Practices & Challenges in Mobile App Security

Droidcon - Droidcon London 2024
Mohamed Kerroumi
mobile-security app-security android-security threat-modeling reverse-engineering tampering malware-analysis runtime-protection data-protection key-management obfuscation root-detection android
Securing Android: Tackling Advanced Threats and Enhancing App Security
34 min

Securing Android: Tackling Advanced Threats and Enhancing App Security

Droidcon - Droidcon London 2024
Mohamed Kerroumi
android-security app-security threat-modeling reverse-engineering obfuscation runtime-attacks malware-analysis data-protection key-management mobile-security oasp root-detection android