2 Jun 2021
Master Production-grade Best Practices to Build your Node.js Docker Images - Liran Tal, Snyk
You thought you figured out how to build your Node.js web applications with Docker? You're missing out on a lot. Many articles on this topic have been written, yet sadly, without thoughtful consideration of security and production best practices for building Node.js Docker images. In this session, we'll run through step-by-step production-grade guidelines for building optimized and secure Node.js Docker images by understanding the pitfalls and insecurities with every Dockerfile directive, and then fixing it. Join me and master the Node.js best practices for Docker-based applications.
- 1 participant
- 31 minutes
2 Jun 2021
Package Vulnerability Management and Reporting Collaboration Space for OpenJS World - Darcy Clarke, GitHub & Wes Todd, Netflix
- 5 participants
- 37 minutes
2 Jun 2021
Webpackage is Probably One of the Greatest Opportunities to Make the Web More Secure and Reliable - Vladimir de Turckheim, Datadog
Webpackage (not Webpack!) as a specification has been discussed for a few years. It evolved a lot but the end goal is still the same: providing packaging for web resources.
What does that mean? Does Webpackage have an impact on web security (spoiler alert! yes)? How can you leverage it today and for what benefits?
Watch this talk to answer these questions and much more.
- 1 participant
- 21 minutes
2 Jun 2021
Security signals are critically important to ensure the quality and stability of code, especially in production environments (or in CI/CD pipelines). A lack of visibility into security weaknesses in code can represent a significant threat. Wouldn’t you want to know about potential security flaws in your code as early as possible?
While tooling in various areas flourishes, from static code analysis to unit and functional testing, security frameworks often have been limited to subject matter experts, rarely used by developer and QA teams, and audits, if at all, run at the very end of the software development lifecycle. With the shift-left spirit, we believe this has to change. Adding security checks early to your pipeline can save time and brings awareness and exposure of vulnerabilities to developers, which ultimately is the silver bullet for security in your company.
In this session, Justin Dolly, Chief Security Officer, and Christian Bromann, Staff Software Engineer of the Open Source Program Office at Sauce Labs, will give exclusive insights on a new platform and a new set of tools designed to test the security of your applications in a simple, effective and very accessible way.
- 2 participants
- 22 minutes