In-person + Virtual
18-21 April

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Wednesday, April 19 • 11:55 - 12:30
Using OpenTelemetry for Application Security, with a Real Life Example - Ron Vider, Oxeye



The composition of application vulnerabilities has changed as a result of the shift from monolithic applications to cloud native applications, but application security testing hasn't kept up, and the security of cloud native applications is at risk. In this presentation, we’ll explore how vulnerabilities have evolved in the shift from monolithic to cloud native and microservices. We’ll see how cloud native vulnerabilities are executed, and how they look like vulnerable flows rather than just a static bug.

Starting with an overview of OpenTelemetry, we’ll explore what observability is, why it’s needed in modern software development, and how it works. We’ll then dive into a real life example of a ‘cloud native vulnerability’, and how OpenTelemetry helps us detect it.

We will:
• Demonstrate a Kubernetes application with two microservices, and a message queue in between them. One microservice exposes an API to the internet, and a payload continues through the MQ up to the internal microservice.
• Deploy the application & show the attack
• Install OpenTelemetry manually on the environment, and show a vulnerable flow in Jaeger

We will also look at the challenges:
• Additional security related instrumentation
• Test coverage - you don’t know what you don’t know
• Installation process

Speakers

Ron Vider

CTO, Co-Founder, Oxeye
Ron Vider is the CTO and co-founder of Oxeye, where he oversees the company’s research, engineering and product efforts. Prior to co-founding the company, Ron worked as a security researcher at Orca Security, and led a security research team in the elite Unit 8200 of the Israeli...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity