Rootconf Sessions

Presentations on DevOps and Dev-Oops

Accepting submissions till 31 Dec 2020, 11:59 PM

DevOps and Dev-Oops sessions cover:

  1. DevOps (obviously!)
  2. Databases and database disasters
  3. Distributed systems
  4. Systems engineering
  5. Infrastructure security
  6. War stories, failures and anti-patterns with running operations and infrastructure

Rootconf is a forum for:

  1. DevOps engineers
  2. Systems engineers
  3. Software engineers
  4. DevOps leads
  5. Infrastructure security professionals and experts
  6. Cloud service providers
  7. Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc.
  8. Engineering managers looking to optimize infrastructure and teams

Contact information: If you have questions, call Rootconf on 7676332020 or email rootconf.editorial@hasgeek.com

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective).

Shrutirupa Banerjiee

@shrutirupa

Secure Coding with Cryptography

Submitted Feb 29, 2020

Secure coding practices are one of the important aspects of security. Cryptography is another such domain, and it is often missed while taking care of security. In this session, the audience will learn about basic cryptography and the algorithms used. We will discuss some insecure practices and why they should not be used. Once the audience is well aware of the basics, we will dive a bit deeper and learn about implementing good crypto practices in a CI/CD pipeline, along with some security practices in DevOps.

Outline

1. Introduction to crypto and hashing algorithms
1.1 RSA
1.2 ECDSA
1.3 MD5
1.4 SHA-256
1.5 HMAC (SHA-256)
2. How not to leak your secrets
2.1 Weak private keys in asymmetric ciphers
2.2 Hash collisions (MD5 example)
2.3 Small length and publicly known secrets for symmetric ciphers and HMAC
2.4 Case study: Don’t roll your own crypto
2.5 OSINT (GitHub and Google dorks examples) leading to secret key information disclosures, good practices that you can implement in your CI/CD pipeline
3. Awesome data privacy with crypto tools and services
3.1 Tor Onion v3 services for DevOps
3.2 How not to be careless while deserializing data from your session tokens and auth headers (Ex: JWT, flask-session) for system related operations
3.3 AES-CBC with PKCS

Speaker bio

The speaker holds a Master of Science Degree in Computer Applications (MSc(CA)) from Symbiosis International University, with experience in working on blockchain technologies and conducting security reviews for Web and mobile applications, and Ethereum-based Smart Contracts in her previous role as an Information Security Consultant and research intern. Currently she is independently researching Ethereum-based Smart Contracts alongside working as a Web Application Security Analyst with the WAF Research team at Qualys. She is also the Pune Chapter Lead for the Infosecgirls community and one of the leads for WomenWhoCode in Pune. She has also presented at conferences such as OWASP Seasides 2019, BSides Singapore 2019, Webinars and Null Chapter and Cyberfrat Meets.
