SlideShare a Scribd company logo

Next Generation Vulnerability Assessment Using Datadog and Snyk

DevOps.com
DevOps.com

Vulnerability assessment for teams can often be overwhelming. The dependency graph could be thousands of packages depending on the application. Triaging vulnerability data and prioritizing actions has historically been a very manual process, until now. With Datadog and Snyk, learn how to trace security and performance issues by leveraging continuous profiling capabilities for actionable insight that help developers remediate problems. Join us on Thursday, January 21 for a unique opportunity to learn more about continuous profiling, vulnerability management, and the benefit to customers from using both of these products. In this webinar, you will: Bust some myths around continuous profiling and learn how Datadog differentiates itself See decorated traces in action for sample Java applications and understand how Snyk + Datadog reduce time to triage supply chain vulnerabilities Learn roadmap information for upcoming public announcements from both partners

Technology
1 of 37
Download to read offline
Vulnerability Assessment using Datadog and Snyk January 21, 2021
Agenda -Introduction -Snyk and Datadog Partnership -Understanding Continuous Profiling -See and analyze a trace -How Snyk Github Action Integrates the source graph -Snyk.io vulnerability mapping technology -User value proposition -Q&A
Who are we? Andrew Krug Technical Evangelist Datadog Liran Tal Senior Developer Advocate Snyk
Snyk and Datadog Partnership
Identify And Prioritize Real-Time Code-Level Security Fixes – Datadog GitHub Actions integration tracks dependency and version information – Snyk augments this production data with security information about vulnerable methods – Available in Datadog & Snyk free tier
Understanding Continuous Profiling
What is Profiling? A form of software analysis that takes place dynamically – Measures software resource usage – Focus on performance and code level execution
Profiling vs Tracing Profiling: ● In the runtime itself. ● Performance focus ○ CPU ○ Memory ○ Method Executions Tracing: ● Instrumented in the code ● Request oriented ○ Databases ○ External APIs
Polling Question #1: What language do you develop in the most? 1. Python 2. Java 3. JavaScript 4. Rust 5. Go
Let’s build it! and then, let’s exploit it!
Sample Java Goof App ● Struts App ● To-Do List ● Open Source
Dockerfile Based + AWS CDK
Dockerfile Based + AWS CDK ● Adds the Datadog Java Flight Recorder Interfaces
Form that in AWS Using the CDK
Some great attributes of the sidecar pattern ● Datadog manages that container for you ● No credentials for Datadog in the running app container ● Binds to the standard Datadog agent port in the “task” ● Uses standards in the language to instrument Flight Recorder Datadog Sidecar DD Agent Jar Datadog
Results
Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD
Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD Commit Action Dependency Graph Snyk Cli Vulnerability JSON Ship to Datadog
Relevant Vulnerability Information Module ( What? ) ● org.hibernate:hibernate-core Vulnerable Functions ( Where? ) ● org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.toStatementString ● org/hibernate/sql/Delete.toStatementString ● org/hibernate/sql/Insert.toStatementString ● org/hibernate/sql/InsertSelect.toStatementString ● org/hibernate/sql/QuerySelect.toQueryString ● org/hibernate/sql/Select.toStatementString ● org/hibernate/sql/SimpleSelect.toStatementString ● org/hibernate/sql/Update.toStatementString
Correlated with tracing! Version Service Correlated Trace using the Execution Graph Who? How?
What open-source components are you importing? 1 Dependency tree annotated with vulnerabilities per each open-source module 1
A developer-first experience for security insights
A developer-first experience for security insights 1 2 3 1 Prioritize code-reachable code 2 Filter to find them quickly 3 Prioritize based on more than a CVSS
A developer-first experience for security insights 1 Prioritize code-reachable code 2 Shows the vulnerable function 1 2
One vulnerability away from being the next Equifax CVE-2017-5638
One vulnerability away from being the next Equifax People had highly personal data exposed Remote code execution vulnerability was exploited From disclosure it took for exploits of the vulnerability to be seen in the wild After disclosure that Equifax was hacked, having failed to fix the vulnerability +150M Apache Struts A few hours 2 months
One vulnerability away from being the next Equifax
One vulnerability away from being the next Equifax
Let’s hack Apache Struts servers
One vulnerability away from being the next Equifax Equifax breach could be most costly in human history
One vulnerability away from being the next Equifax Equifax breach could have been prevented If only there was someone responsible for security… 🤔
One vulnerability away from being the next Equifax
User value proposition
Developer-first Security integrated into your infrastructure monitoring – DevOps creates the infrastructure and make it easily consumable – Developers own the code, developers operate the infrastructure – Shifting-left security and augmenting data with actionable insights – Too many trees to see the forest? prioritize security, smartly!
Follow-up Resources – Engineering blogs deep-dives: – Datadog: – Continuous Profiler – How we wrote a python profiler by Julian Danjou – Snyk: – Reachable vulnerabilities: how to effectively prioritze open source security by Krysztof Huszcza – Optimizing prioritization with deep application-level context by Daniel Berman, Michael Komraz – Open source – Datadog profiler is open source – The Snyk CLI open sourced on a GitHub repository – Sample datadog-snyk integration Java app – Snyk integration Github Action
Follow-up Resources – Datadog and Snyk GitHub Action – Getting started with Datadog and Snyk blog post – Datadog community office hours for any help you need! https://docs.datadoghq.com/developers/office_hours/
Thank you! Q&A

Recommended

DevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMDevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMatSistemas
 
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...DevOps.com
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformDevOps Indonesia
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Enable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareEnable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareAUGNYC
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOpsDaniel Oh
 
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021VMware Tanzu
 

Recommended

DevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMDevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMatSistemas
 
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...DevOps.com
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformDevOps Indonesia
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Enable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareEnable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareAUGNYC
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOpsDaniel Oh
 
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021VMware Tanzu
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
DevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesDevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesatSistemas
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpVMware Tanzu
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
 
Introduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemIntroduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemKubeSphere
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu
 
DevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSDevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSatSistemas
 
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsTools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsVMware Tanzu
 
Optimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSOptimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSDevOps.com
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementEnterprise Management Associates
 
DevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleDevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleatSistemas
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowImpressico Business Solutions
 
Observe and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsObserve and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsWeaveworks
 
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXSecure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXNGINX, Inc.
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factoryscoopnewsgroup
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and HowNotSoSecure Global Services
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 
Cloud native programming model comparison
Cloud native programming model comparisonCloud native programming model comparison
Cloud native programming model comparisonEmily Jiang
 
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...sparkfabrik
 
Code, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayCode, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayAlex Baitov
 

More Related Content

What's hot

Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
DevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesDevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesatSistemas
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpVMware Tanzu
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
 
Introduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemIntroduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemKubeSphere
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu
 
DevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSDevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSatSistemas
 
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsTools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsVMware Tanzu
 
Optimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSOptimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSDevOps.com
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementEnterprise Management Associates
 
DevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleDevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleatSistemas
 
Observe and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsObserve and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsWeaveworks
 
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXSecure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXNGINX, Inc.
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factoryscoopnewsgroup
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 
Cloud native programming model comparison
Cloud native programming model comparisonCloud native programming model comparison
Cloud native programming model comparisonEmily Jiang
 

What's hot (20)

Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging
 
DevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesDevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -Cloudbees
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOp
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it Work
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
 
Introduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemIntroduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystem
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
 
DevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSDevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWS
 
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsTools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
 
Optimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSOptimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWS
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
 
DevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleDevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-Oracle
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should know
 
Observe and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsObserve and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git ops
 
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXSecure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factory
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security
 
Cloud native programming model comparison
Cloud native programming model comparisonCloud native programming model comparison
Cloud native programming model comparison
 

Similar to Next Generation Vulnerability Assessment Using Datadog and Snyk

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...sparkfabrik
 
Code, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayCode, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayAlex Baitov
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...Nir Yungster
 
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in DepthWebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depthyalegko
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment Sergey Gordeychik
 
Continuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + SpinnakerContinuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + SpinnakerVMware Tanzu
 
Codebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the winCodebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the winTiago Henriques
 
DockerDay2015: Keynote
DockerDay2015: KeynoteDockerDay2015: Keynote
DockerDay2015: KeynoteDocker-Hanoi
 
Modern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and MicrometerModern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and MicrometerJesse Tate Pulfer
 
Safeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainSafeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainGiovanni Galloro
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixAll Things Open
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure DevelopmentBosnia Agile
 
Begining Android Development
Begining Android DevelopmentBegining Android Development
Begining Android DevelopmentHayi Nukman
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
 

Similar to Next Generation Vulnerability Assessment Using Datadog and Snyk (20)

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
 
Code, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayCode, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers way
 
Security in open source projects
Security in open source projectsSecurity in open source projects
Security in open source projects
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...
 
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in DepthWebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depth
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
 
Continuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + SpinnakerContinuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
 
Codebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the winCodebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the win
 
DockerDay2015: Keynote
DockerDay2015: KeynoteDockerDay2015: Keynote
DockerDay2015: Keynote
 
Modern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and MicrometerModern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and Micrometer
 
Safeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainSafeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply Chain
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at Netflix
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure Development
 
Begining Android Development
Begining Android DevelopmentBegining Android Development
Begining Android Development
 
Dagster @ R&S MNT
Dagster @ R&S MNTDagster @ R&S MNT
Dagster @ R&S MNT
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...DevOps.com
 
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
 
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Next Generation Vulnerability Assessment Using Datadog and Snyk

  • 1. Vulnerability Assessment using Datadog and Snyk January 21, 2021
  • 2. Agenda -Introduction -Snyk and Datadog Partnership -Understanding Continuous Profiling -See and analyze a trace -How Snyk Github Action Integrates the source graph -Snyk.io vulnerability mapping technology -User value proposition -Q&A
  • 3. Who are we? Andrew Krug Technical Evangelist Datadog Liran Tal Senior Developer Advocate Snyk
  • 4. Snyk and Datadog Partnership
  • 5. Identify And Prioritize Real-Time Code-Level Security Fixes – Datadog GitHub Actions integration tracks dependency and version information – Snyk augments this production data with security information about vulnerable methods – Available in Datadog & Snyk free tier
  • 7. What is Profiling? A form of software analysis that takes place dynamically – Measures software resource usage – Focus on performance and code level execution
  • 8. Profiling vs Tracing Profiling: ● In the runtime itself. ● Performance focus ○ CPU ○ Memory ○ Method Executions Tracing: ● Instrumented in the code ● Request oriented ○ Databases ○ External APIs
  • 9. Polling Question #1: What language do you develop in the most? 1. Python 2. Java 3. JavaScript 4. Rust 5. Go
  • 10. Let’s build it! and then, let’s exploit it!
  • 11. Sample Java Goof App ● Struts App ● To-Do List ● Open Source
  • 13. Dockerfile Based + AWS CDK ● Adds the Datadog Java Flight Recorder Interfaces
  • 14. Form that in AWS Using the CDK
  • 15. Some great attributes of the sidecar pattern ● Datadog manages that container for you ● No credentials for Datadog in the running app container ● Binds to the standard Datadog agent port in the “task” ● Uses standards in the language to instrument Flight Recorder Datadog Sidecar DD Agent Jar Datadog
  • 17. Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD
  • 18. Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD Commit Action Dependency Graph Snyk Cli Vulnerability JSON Ship to Datadog
  • 19. Relevant Vulnerability Information Module ( What? ) ● org.hibernate:hibernate-core Vulnerable Functions ( Where? ) ● org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.toStatementString ● org/hibernate/sql/Delete.toStatementString ● org/hibernate/sql/Insert.toStatementString ● org/hibernate/sql/InsertSelect.toStatementString ● org/hibernate/sql/QuerySelect.toQueryString ● org/hibernate/sql/Select.toStatementString ● org/hibernate/sql/SimpleSelect.toStatementString ● org/hibernate/sql/Update.toStatementString
  • 20. Correlated with tracing! Version Service Correlated Trace using the Execution Graph Who? How?
  • 21. What open-source components are you importing? 1 Dependency tree annotated with vulnerabilities per each open-source module 1
  • 22. A developer-first experience for security insights
  • 23. A developer-first experience for security insights 1 2 3 1 Prioritize code-reachable code 2 Filter to find them quickly 3 Prioritize based on more than a CVSS
  • 24. A developer-first experience for security insights 1 Prioritize code-reachable code 2 Shows the vulnerable function 1 2
  • 25. One vulnerability away from being the next Equifax CVE-2017-5638
  • 26. One vulnerability away from being the next Equifax People had highly personal data exposed Remote code execution vulnerability was exploited From disclosure it took for exploits of the vulnerability to be seen in the wild After disclosure that Equifax was hacked, having failed to fix the vulnerability +150M Apache Struts A few hours 2 months
  • 27. One vulnerability away from being the next Equifax
  • 28. One vulnerability away from being the next Equifax
  • 29. Let’s hack Apache Struts servers
  • 30. One vulnerability away from being the next Equifax Equifax breach could be most costly in human history
  • 31. One vulnerability away from being the next Equifax Equifax breach could have been prevented If only there was someone responsible for security… 🤔
  • 32. One vulnerability away from being the next Equifax
  • 34. Developer-first Security integrated into your infrastructure monitoring – DevOps creates the infrastructure and make it easily consumable – Developers own the code, developers operate the infrastructure – Shifting-left security and augmenting data with actionable insights – Too many trees to see the forest? prioritize security, smartly!
  • 35. Follow-up Resources – Engineering blogs deep-dives: – Datadog: – Continuous Profiler – How we wrote a python profiler by Julian Danjou – Snyk: – Reachable vulnerabilities: how to effectively prioritze open source security by Krysztof Huszcza – Optimizing prioritization with deep application-level context by Daniel Berman, Michael Komraz – Open source – Datadog profiler is open source – The Snyk CLI open sourced on a GitHub repository – Sample datadog-snyk integration Java app – Snyk integration Github Action
  • 36. Follow-up Resources – Datadog and Snyk GitHub Action – Getting started with Datadog and Snyk blog post – Datadog community office hours for any help you need! https://docs.datadoghq.com/developers/office_hours/