Security, where to start? Install party 🎉

By David Aparicio

Elevator Pitch

Transform your application into a fortress! Join the event inspired by Linux Install Parties. We’ll follow the US Department of Defense’s DevSecOps approach. Bring your laptop and your project. Learn how to secure your Go app, discuss Docker/GitOps best practices. Elevate your security game now!

Description

Bring your PC/Linux/Mac. You probably know about Linux Install Parties? Let's do the same with security, following the DevSecOps approach of the US Department of Defense. Nothing could be easier: come with your computer, your open-source project and your tools (IDE, CI/CD). After a few presentation slides, we will go step by step through the security of your application. If your application is dockerized, we will cover ANSSI's best practices on the subject. Through this workshop, we will see how GitOps and CI/CD allow us and our organisations to improve our security posture.

We will present the actions carried out on this code in Go, and if a participant has neither a flagship project nor open-source code, we will be able to start from this project (without the workflows).

Prerequisites: basic knowledge of OS, code, CI/CD pipelines

Notes

3h workshop given at DevoxxFR2023 with an average ROTI of 4.5/5, and in a 2h format at TouraineTech/TNT2023.

Based on the 5-page article “Security by design”, published in the magazine Programmez! Hors série #8 of September-October 2022, as well as part of the slides presented at Volcamp2022, with references to the talk by Yann Schepens and the well-known DoD hardening guides (DevSecOps, Kubernetes).

Not forgetting the latest developments such as SBOM, or those from Kyverno in 2022: version 1.7, to require a scan less than X days old before deploying, and version 1.8, for the integrity of the YAML manifest.

DevoxxFR2023 workshop available here

Don’t hesitate to contact me if you want more details; I can send you the PDF of the Programmez! article privately.