AppSec Tips & Tricks for Cloud Native and Kubernetes Environments – Kiran Kamity – ASW #209
The unique nature of cloud native apps, Kubernetes, and microservices based architectures introduces new risks and opportunities that require AppSec practitioners to adapt their approach to security tooling, integration with the CI/CD pipeline, and how they engage developers to fix vulnerabilities.
In this episode, we’ll discuss how AppSec teams can effectively manage the transition from securing traditional monolithic applications to modern cloud native applications and the types of security tooling needed to provide coverage across custom application code, dependencies, container images, and web/API interfaces. Finally, we’ll conclude with tips and tricks that will help make your developers more efficient at fixing vulnerabilities earlier in the SDLC and your pen testers more effective.
Segment Resources: https://www.deepfactor.io/kubernetes-security-essentials-securing-cloud-native-applications/ https://www.deepfactor.io/resource/observing-application-behavior-via-api-interception/ https://www.deepfactor.io/developer-security-demo-video/
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Security Weekly listeners save 20% on InfoSec World 2022 passes! InfoSec World will be held September 27th through the 29th at Disney's Coronado Springs Resort in Lake Buena Vista, Florida. Visit securityweekly.com/isw and use the code ISW22-SECWEEK20 to secure your spot now!
Guest
Kiran Kamity is Founder & CEO of Deepfactor. He’s a passionate serial Silicon Valley entrepreneur, former head of product at Cisco Cloud BU. He founded and was CEO of ContainerX (acquired by Cisco). He was also Founder/VP at RingCube (acquired by Citrix). He’s also been a dynamic TEDx speaker. Kiran has a Masters degree in Electrical Engineering from Stanford University.