28 November 2018
19:00 - 19:20 - arrive, food & drink, networking
19:20 - First talk from Luke, co-founder of Control Plane, will be on 'Secure Kubernetes Application Delivery'
Zero-day exploits are a regular part of complex systems. How would you survive the next Heartbleed? Do you know what libraries you are running in production? If a vulnerability is exploited, can data be exfiltrated? Container technologies make it easier for you to avoid becoming the next Equifax. In this talk, Luke will share with you how to secure applications in high-compliance environments. He will explore security testing, metadata management, in-toto, and Grafeas - two supply-chain security open-source projects from NYU and Google. You will learn how to lock down applications and networks, enforce deployment policies, and secure applications from tomorrow's threats.
Luke is a co-founder of Control Plane (https://control-plane.io), a security-focused Kubernetes consultancy based in London. Luke has delivered critical national infrastructure on Kubernetes for the UK Home Office, and has previously worked as a developer and consultant, helping teams deliver software faster and with increased confidence by embracing container technologies and workflows.
20:00 - Second talk from Ed Robinson, Senior SRE at Cookpad will be on 'Containers uprooted'
Running an application as root has serious implications for the security of your system. How can application vulnerabilities be exploited more easily if your applications run as root? Many application containers in the wild however do run as root, exposing the systems that they run on to potentially catastrophic security implications.
In this talk Ed will share some practical examples and tips for running applications without root using Kubernetes. We will explore some ways to remove the common reasons that applications are run as the root user, and look at building container images that don't need root at runtime.
Ed Robinson is a Senior Site Reliability Engineer at Cookpad where he works on building the infrastructure for the world's largest recipe sharing platform. He is currently writing a book about using Kubernetes on AWS and is a maintainer of a number of open source tools.