Join Nico, Philippe, and Wayne for a session full of Containers, Kubernetes, and security! In this talk, you will learn how GitLab Defend features can help you to effectively secure your applications and services. We will guide you through different features using real-scenarios use-cases and demos with demonstrations from the perspectives of a software developer, security engineer, and hacker. You will learn how to secure your application ingress using the Web Application Firewall, securing east-west application traffic with Container Network Security as well as threat detection with Container Behaviour Analytics. Everything within your GitLab project! Walk away and know everything you need to know to successfully secure your cloud native applications and services!

1. Your Attackers Won't Be Happy! How GitLab Can
Help You Secure Your Applications

2. Introductions
● Nico Meisenzahl - white duck - Senior Cloud & DevOps Consultant - @nmeisenzahl
● Philippe Lafoucriere - GitLab - Distinguished Engineer - @plafoucriere
● Wayne Haber - GitLab - Director of Engineering: Threat Management - @waynehaber

3. #GitLabCommit
Roles
● Nico: Application developer
● Philippe: Security operations team
● Wayne Haber: Attacker

4. Normal operation

5. #GitLabCommit
Demo: Normal application use
Photo credit: https://unsplash.com/@cgower

6. Exploit the application!

7. #GitLabCommit
Demo: Attack the application!
Photo credit: https://unsplash.com/@jackson_893

8. Layered security controls

9. Layered security controls
GitLab Secure

10. Layered security controls
GitLab Container
Host Security

11. Layered security controls
GitLab Container
Network Security

12. #GitLabCommit
Demo: Detect the attacks
Photo credit: https://unsplash.com/@olloweb

13. #GitLabCommit
Demo: Fix the security issue
Photo credit: https://unsplash.com/@vantaymedia

14. Defense in depth
1. Design for security
2. Check code for security issues
a. GitLab Secure stage (SAST, DAST, Dependency Scanning, etc)
3. Monitor for attacks. Including:
a. GitLab Defend container network policies (such as WAF and Cilium)
b. GitLab Defend container host policies (such as Falco and AppArmor)
c. GitLab Monitor host & application logs (such as Elastic)
d. Cloud provider logs (such as Cloudwatch and LogAnalytics)
4. Respond to attacks
a. What did the attacker do in Redis?
b. What actions should be taken to respond? (Restore data from backup, etc)
c. Isolate pods for forensics
5. Determine root causes and take action to avoid recurrences
a. Implement network and host policies to be default deny
b. RCA and fix security bugs in code
c. Developer training

15. Thank you and links
Thank you Zamir Martins Filho for the help with the demo environment!
Links:
● Demo App
○ https://gitlab.com/gitlab-commit-defend-demo/sample-app
● K8s management project
○ https://gitlab.com/gitlab-commit-defend-demo/gitlab-commit-aks-management
● GitLab Defend features
○ https://docs.gitlab.com/ee/topics/autodevops/#network-policy
○ https://docs.gitlab.com/ee/user/application_security/
○ https://about.gitlab.com/handbook/engineering/development/threat-management/
● white duck
○ https://whiteduck.de/en/

16. Questions? (in chat)