##About Rootconf Pune:
Rootconf Pune is a conference for:
- DevOps engineers
- Site Reliability Engineers (SRE)
- Security and DevSecOps professionals
- Software engineers
- Network engineers
The Pune edition will cover talks on:
- InfoSec and application security for DevOps programmers
- DNS and TLS 1.3
- SRE and distributed systems
- Containers and scaling
Speakers from Flipkart, Hotstar, Red Hat, Trusting Social, Appsecco, InfraCloud Technologies, among others, will share case studies from their experiences of building security, SRE and Devops in their organizations.
Two workshops will be held before and after Rootconf Pune:
- Full-day Prometheus training workshop on 20 September, conducted by Goutham V, contributor to Prometheus and developer at Grafana Labs. Details about the workshop are available here: https://hasgeek.com/rootconf/2019-prometheus-training-pune/
- Full-day DNS deep dive workshop on 22 September by Ashwin Murali: https://hasgeek.com/rootconf/2019-dns-deep-dive-workshop-pune/
Rootconf Pune will be held on 21 September at St. Laurn Hotel, Koregaon Park, Pune-411001.
##To know more about Rootconf, check out the following resources:
For information about the event, tickets (bulk discounts automatically apply on 5+ and 10+ tickets) and speaking, call Rootconf on 7676332020 or write to firstname.lastname@example.org
Application Security Workflow Automation using Docker and Kubernetes
We are in an age when there are just too many attacker tools, techniques and procedures (TTP). It is pointless to build automation that follow a fixed workflow — a fixed way or order of doing things, which may work for one but will not fit into the requirement of others.
This talk is about building security workflow automation in a distributed environment using free security tools, packaged as Docker containers and running on Kubernetes as the underlying platform for enabling the automation.
The key takeways for the talk are
- Creating a security workflow using 3rd party security tools
- Packaging 3rd party tools as Docker containers
- Connecting various tools through messaging service and object storage
- Running all of these in a Kubernetes cluster
- Challenges and constraints involved in such systems
The intended audience for this talk are
- Information security engineers looking to automate workflows
- DevOps engineers looking to build security scanning in their pipeline
- System Architects building security platforms
- Anyone who thinks repeatative tasks are boring and should be done by machines :)
- An Application Security Workflow - How does it look like
- Mapping an app sec workflow to 3rd party free security tools
- Designing a Distributed System using Kubernetes to execute app sec workflows
- Architecture diagram
- High level overview of various components involved in the system
- Producing and consuming events to drive the workflow
- Adapter pattern for tool integration
- Packaging 3rd party free security tools as docker containers
- Deploying in Kubernetes
- Internet for demo
An accomplished security professional with over a decade of experience in information security solution engineering, services, vulnerability research, reverse engineering and security tools development.
Experienced in security solution development using Cloud Native and Kubernetes Native technologies. Developed tools and technology to find vulnerabilities in web applications, network servers, client-side applications. Conducted product security audit of enterprise applications and credited with vulnerability discovery (CVE) for the same.
Credited with multiple vulnerability discovery across enterprise products with CVEs to his name such as CVE-2015-0085, CVE-2015-1650, CVE-2015-1682, CVE-2015-2376, CVE-2015-2555, CVE-2014-4117, CVE-2014-6113.
An active participant of NULL – India’s largest open security community as a core team member responsible for technology development.
As an open source software contributor, he has developed or contributed to multiple projects including:
He can be reached through: