When organisations consider how to protect their web applications from attacks, they often focus on security scans and pen tests to identify technical security flaws. While this is absolutely correct, there is another risk that often remains undetected until it is too late: business logic attacks.

Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations. Join Steven Martin, Solution Engineer at Gravitational, as he demonstrates how to assign access to developers and SRE’s across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.

Virag Mody, Technical Writer for Gravitational gave a concise talk on Infrastructure Security best practices for SKILupDays DevSecOps 2020. In the talk he covers why certificate authorities are so important, and what individuals can do to create a more secure infrastructure access process.

In this Black Hat 2020 presentation, learn from Elastic Security researchers how to hunt for adversary tradecraft in your organization’s network before damage and loss can occur.

Gravitational COO, Taylor Wakefield, presents at the 2019 Open Core Summit, comparing Commercial Open Source Software ("COSS" aka, Open Core Software) to Proprietary SaaS. This presentation discusses why SaaS emerged, why COSS is now emerging and looks at the S-1 data of recently IPO'd companies in each cohort to validate the assumed benefits of each model.

It is no secret - open source has become the main building block in modern applications, and it is almost impossible to develop software at today's pace without it. However, as the open source community grows, and the number of reported vulnerabilities keeps climbing, manually verifying the security and compliance of open source components can no longer provide the necessary control over the security of these components.

From the Open Policy Agent Summit at KubeCon, Michael Sorens from Chef discusses how OPA provides granular authorization within applications:

From the Open Policy Agent Summit at KubeCon, Jeremy Krach and Will Fu discuss how OPA policies are authored, distributed, and utilized at Pinterest (service mesh, kafka, internal tools). They also cover lessons learned in the process.

From the Open Policy Agent Summit at KubeCon, Luke Massa from TripAdvisor discusses how he leveraged OPA’s API and unit test framework. The example shown is a system in which you write k8s admission policy alongside some mock changes to the cluster, some of which should be accepted and some of which should not be, and then run code that tells you whether your policy matches your expectation.

From the Open Policy Agent Summit at KubeCon, Chris Stivers and Nicholas Higgins from Atlassian walk through their journey building a global authorization platform with Open Policy Agent and the help of Fluentd, S3, CDN's, Amazon Kinesis, and many more.