Abhisek has over 10 years experience doing security research, security services delivery that includes penetration testing, source code review, training etc. He is currently working as the Head of Technology at Appsecco, where his core area of focus is building security automation platform using cloud native solutions.
He is credited with multiple vulnerability discovery across enterprise products with CVEs to his name such as CVE-2015-0085, CVE-2015-1650, CVE-2015-1682, CVE-2015-2376, CVE-2015-2555, CVE-2014-4117, CVE-2014-6113.
As an open source software contributor, he has developed or contributed to multiple projects including:
* Wireplay * Penovox * HiDump * RbWinDBG
Session: Application Security Workflow Automation using Docker and Kubernetes
We are in an age when there are just too many attacker tools, techniques and procedures (TTP). It is pointless to build automation that follow a fixed workflow — a fixed way or order of doing things, which may work for one but will not fit into the requirement of others. This talk is about building security workflow automation in a distributed environment using opensource security tools and services, packaged as Docker containers and running on Kubernetes as the underlying platform for enabling the automation.
The key takeways for the talk are
1. Creating a security workflow using opensource security tools and services 2. Packaging tools and services as Docker containers 3. Connecting various tools through cloud native services 4. Running all of these in a Kubernetes cluster