Most configuration files are processed using ‘object unmarshaling’ (or
deserialization) into internal data structures. While this is easy
and fast, it’s not very flexible for configuration. In most cases
a “single value” and an element with a single value are treated
How do various Linux distributions implement a operating system for
use in virtualized or cloud environments? One proxy for
size and complexity is the number of packages installed. While not a perfect
comparison, in general, less is more. In Amazon’s US-WEST-1 region, I fired up
the a number of Linux distributions and counted the number of packages
libinjection: From SQLI to XSS (version 2) was first presented at Code Blue, Tokyo Japan on 2014-02-18. English and 日本語
libinjection: From SQLI to XSS (version 1) was first presented at OWASP AppSec Socal, in Santa Monica, California.
The Origins of Insecurity first presented at LASCON 2013, in Austin, Texas.
First presented at DevOpsDays, Tokyo on 2013-09-28.
First presented at PHDays on May 24, 2013 in Moscow, Russia. Why don’t developers care about security issues? Why isn’t security training effective? Why do basic application security problems continue to exist? One reason is that long release cycles disenfranchise developers from caring or even knowing about security or operational issues. Continuous Deployment helps address this by small, but frequent, changes to the production environment. At first, this would seem less stable and less secure, however continuous deployment is a lot more than “pushing code”.
First presented at Security Development Conference on May 14, 2013 in San Francisco, USA. Do you have an effective release cycle? Is your process long and archaic? Long release cycle are typically based on assumptions we haven’t seen since the 1980s and require very mature organizations to implement successfully. They can also disenfranchise developers from caring or even knowing about security or operational issues. Attend this session to learn more about an alternative approach to managing deployments through Continuous Deployment, otherwise known as Continuous Delivery.
First presented at DevOpsDays on May 1, 2013 in Austin, Texas.
First presented at RSA USA 2013 on February 27, 2013 in San Francisco.