Rootconf Delhi edition
On network engineering, infrastructure automation and DevOps

Rootconf is a platform to discuss real-world problems around Site Reliability Engineering (SRE), DevOps for data engineering platforms, evaluating and adopting technologies such as Kubernetes and containers, and DevSecOps.

Rootconf Delhi edition will be held on 18 January 2020 at the India International Centre (IIC).

Speakers from Flipkart, Hotstar, MindTickle, Red Hat and Naukri.com will discuss the following topics:

  1. Scaling and engineering challenges from Hotstar’s and Flipkart’s experiences.
  2. Data store choices.
  3. Kubernetes and K8s -- when to choose what and why?
  4. DevSecOps

## Who should attend Rootconf:

  1. Operations engineers
  2. DevOps programmers
  3. Software developers
  4. SRE
  5. Tech leads

To know more about Rootconf, check the following resources:

  1. hasgeek.com/rootconf
  2. https://www.youtube.com/channel/UCDHao9FxNRHw1VyLuGXI_rA

# Sponsors:

Click here to view the Sponsorship Deck.
Email sales@hasgeek.com for bulk ticket purchases, and sponsoring the above Rootconf Series.


Rootconf Delhi sponsors:


# Silver Sponsor

Verizon

# Bronze Sponsors

upcloud SumoLogic

# Community Partner

IFF Null Delhi

For information about the event, tickets (bulk discounts automatically apply on 5+ and 10+ tickets) and speaking, call Rootconf on 7676332020 or write to info@hasgeek.com.

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security.

Shreyansh Pandey

@weirdpanda

Please don't do this - a conversation on bad programming practices

Submitted Jul 12, 2019

As security analysts, we are often on the offensive side of things, trying to find out the universal constraints under which a system will say nothing but “Sorry” (not sponsored by Justin Bieber). However, as software engineers, we are on the other side of Select City Walk, oftentimes confused as to how we landed there: the defence. It’s a constant battle of the fittest and the losing side loses (pardon the pun) more than their business.

In this conversation, I will be discussing some really bad ways of writing code and how they are really exploitable. Easily.

A section has also been included to give researchers, development operations engineers and nerds some insight as to how we discover, disclose and patch these vulnerabilities. We’ll also look at some good vs. bad practices in all realms of the software development life-cycle.

Outline

  • Introduction
  • I write code. Really.
  • Node.js
    • Everyone’s favvvvvv
    • Common misconceptions
    • Don’t evaluate the evil.
    • Prototypes’ AQI is horrible: a tale on pollution;
    • Sharing is caring - how a simple error resulted in a DDoS;
  • Golang
    • A tale of two ellipses: Incorrect EC params (~1.0x);
    • 3 errors of a classic DDoS;
    • 1 configuration parameter;
  • DevOps
    • Your cloud infra’s house: the hardware - forgotten considerations of hardware security;
    • I am who He claims - server-side request forgery;
    • Make me a sandwich - sudo: how we fooled IAM;
    • Peekaboo - don’t leave your security credentials in your VCS;
    • Can you take some REST? No.
    • Containers? Users? Please?
  • Conclusion
  • QA

Requirements

Some knowledge of systems under heavy load/attack. Or:
Some knowledge of systems (what a lovely anaphora).

Speaker bio

I have worked with startups and corporates of all sizes; now, I know that sounds flamboyant but listen to me. I have seen systems on all scales: from mere ideas on a piece of paper to live 350+ nodes serving 10+ mil. people every month. In this short span, I have seen some horrible programming and deployment and with this talk I intend to collate all of those experiences into one 40-minute session detailing the problems as well as their - quite easy, I may say - fixes which may skip the mind of someone starting out into the playing field.

There is a quote by Dalai Lama which comes to my mind - “Know the rules so well, you can break them efficiently” and as someone who taught themselves most of their knowledge base, I am trying to ease the process of saying “Hello, DevOps!” for new engineers and/or students by providing information which I wish was available when I started to “traverse” this mysterious tree of unknowns.
