- Schedule
- Venue
- Speakers
- Training
- CFP
- Volunteer
- Recreation
- CTF
- Sponsors
- Exhibition
- Resume Clinic
- Job Fair
- CXO Track
- For You
- Hackers Horror Stories
- StartVille
- Goa'19
- Speakers
- Akash Mahajan & Abhishek Datta
Akash Mahajan & Abhishek Datta
Workshop Title
Containers, Kubernetes and Serverless to automate appsec and OSINT workflows
Abstract:
Modern infrastructure like Docker, Kubernetes, Serverless & Cloud Native services are perfect for executing application security workflows and gathering open source intelligence. In this day and age, simply doing ad-hoc security testing is not very effective in thwarting attacks and is inefficient. By leveraging security management workflows for application security and OSINT, we can supercharge small security teams to secure, audit and test large enterprise-wide application infrastructure continuously.
- In this workshop, we will demonstrate how simple it is to
- Fully Automated Deployment security tools on a Kubernetes (K8S) cluster
- Expose command line tools with REST-based APIs
- Connect everything using serverless and cloud-native services
- All of this safely behind Single Sign-On (SSO) authentication Once everything is set up, we will demonstrate how we can conduct application-level scanning and gathering OSINT with visualizing the data with security dashboards.
- Key features of the workshop
- We will be using only free and open source tools
- Sharing our knowledge of the setups and tools usage
- Sharing any scripts/configurations that we will use
- 100% live demos with some time to explain our design choices and answer any questions
Bio:
Abhishek Datta Profile : Abhishek has over 10 years experience doing security research, security services including penetration testing, source code review, training etc. He is currently working as the Head of Technology at Appsecco, where his core area of focus is building security automation platforms using cloud-native solutions. He is credited with multiple vulnerability discoveries across enterprise products with CVEs to his name such as CVE-2015-0085, CVE-2015-1650, CVE-2015- 1682, CVE-2015-2376, CVE-2015-2555, CVE-2014-4117, CVE-2014-6113. As an open source software contributor, he has developed or contributed to multiple projects including:
- Wireplay
- Penovox
- HiDump
- RbWinDBG
Akash Mahajan Profile : An accomplished security professional with over a decade’s experience of providing specialist application and infrastructure consulting services at the highest levels to companies, governments, and organizations around the world. Deep experience of working with clients to provide innovative security insight that truly reflects the commercial and operational needs of the organization from strategic advice to testing and analysis to incident response and recovery. An active participant in the international security community and conference speaker both individually, as chapter lead of the Bangalore chapter of OWASP the global organization responsible for defining the standards for web application security and as a co-founder of null India’s largest open security community. Akash has written and published two books on the topic of application security and security automation
- Burp Suite Essentials
- Security Automation using Ansible2