POPULARITY
2 episodes with omer levi hevroni
2 episodes with omer levi hevroni
2 episodes with omer levi hevroni
הנושא של Application Security הוא אחד הנושאים החשובים במידול של משטחי תקיפה אפשריים לחברות, בשנים האחרונות נוכחנו להתקפות שונות ומגוונות שנגרמו כתוצאה מפגיעויות בשכבה הזאת כגון: ספריות תוכנה לא מעודכנות, חולשות בפרוייקטי קוד פתוח, בעיות קונפיגורציה של תשתיות או שימוש במקורות מידע ואחסון פגיעים.בפרק זה דיברנו עם עומר לוי חברוני מחברת סניק על עולם הבעיה, דיברנו על איך למדל את הבעיות השונות, ומה הפרקטיקות שצריך לעשות בשביל להתמודד עם האתגרים.[Links]https://www.omerlh.infohttps://snyk.iohttps://www.youtube.com/watch?v=3Fl_7FrM_gIhttps://www.threatmodelingmanifesto.orghttps://threatmodelingbook.com/
Welcome to the first episode in a series where we reflect on the lessons given to us by our previous guests. This episode is a deep focus on security champions — developers with extra training who provide input from the security side of things. Our first perspective comes from episode 59 featuring Steve White, Field CISO of Pivotal, now a part of VMware. Steve shares his enthusiasm for security champion programs and speaks about their role in helping their teams make incremental security changes. After talking about why we should be moving security into the early development cycle, Steve gives advice on giving developers one security problem to focus on at a time. From Steve, we dive into episode 42 where we spoke to Kate Whalen from The Guardian. She highlights the value of organizing meetings for developers who are interested in security. These spaces, she explains, are for engineers to ask questions and come to an understanding that security is a shared responsibility. Next, we listen to Omer Levi Hevroni from episode 24, who was a maven for Asurion — their version of a security champion. He talks about the productivity challenges of being a security champion and needing to complete your tasks. Mirroring Kate's points, Omer emphasizes the importance of having a community to share your experiences with and how conferences and online channels like Slack can serve this need. Our last perspective is provided by Yashvier Kosaraju from episode 66. Yashvier discusses having a security partner on a security team to complement having a security champion on the development team. We talk about the advantages of this system as it allows you to perform a security review on a project as it's being created, ensuring that timelines aren't affected. Our guest's experiences are filled with insight and wisdom. Tune in for more on how you can develop your own security champion program.
Threat modeling, secrets, mentoring, self-care, program building, and much more. Clips from Georgia Weidman, Simon Bennetts, Izar Tarandach, Omer Levi Hevroni, Tanya Janca, Björn Kimminich, Caroline Wong, Adam Shostack, Steve Springett, Matt McGrath, Brook Schoenfield, and Ronnie Flathers. The post Season 5 Finale — A cross section of #AppSec appeared first on Security Journey Podcasts.
There are a lot of choices for managing and encrypting secrets in Kubernetes. Kamus is one of those solutions, and it was developed as an open-source project by Omer Levi Hevroni. Today we’re talking with Omer, a DevSecOps engineer with Soluto at Asurion, about his work on Kamus, its origins, and how it’s being applied for secrets management in Kubernetes.
K8s security with Omer Levi Hevroni (@omerlh) service tickets - Super-Dev Omer’s requirements for storing secrets: Gitops enabled Kubernetes Native Secure “One-way encryption” Omer’s slides and youtube video: https://www.slideshare.net/SolutoTLV/can-kubernetes-keep-a-secret https://www.youtube.com/watch?v=FoM3u8G99pc&&index=14&t=0s We’ve all experienced it: you’re working on a task, adding some code, and then you need to store some sensitive configuration value. It could be an API key, client secret or an encryption key ― something that’s highly sensitive and must be kept secret. And this is where things get messy. Usually, secret storage is highly coupled with how the code is deployed, and different platforms have different solutions. Kubernetes has a promise to simplify this process by using the native secret object, which, as the name implies, can be used to store secrets or sensitive configurations. Unfortunately, Kubernetes secrets are fundamentally broken, and a developer who tries to use them will definitely have some issues. But no need to worry ― there are solid alternatives for storing secrets securely on Kubernetes platform. One solution is to use Kamus, an open-source, git-ops solution, that created by Soluto, for managing secrets on Kubernetes. Kamus can encrypt a secret so it can be decrypted only by your app on runtime - and not by anyone else. The first part of this session will cover the challenges faced when using Kubernetes secrets (from a usability and security point of view). The second part will discuss some of the existing solutions (Sealed Secrets, Helm Secrets and others), their pros, and cons, and then feature Kamus: how it works, what problems it solves, how it differs from other solutions, and what threats it can help mitigate (and what threats it can’t). The talk will cover all that is required to know so you can run Kamus on your own cluster and use it for secret management. Join me for this session to learn how you can build a Kubernetes cluster than can keep a secret ― for real. Speakers Omer Levi Hevroni Kubernetes Secrets Bad, because manifest files hold the user/password, and are encoded in Base64 Could be uploaded to git = super bad https://kubernetes.io/docs/concepts/configuration/secret/ https://docs.travis-ci.com/user/encryption-keys/ Kamus threat model on Github: https://kamus.soluto.io/docs/threatmodeling/threats_controls/ https://medium.com/@BoweiHan/an-introduction-to-serverless-and-faas-functions-as-a-service-fb5cec0417b2 “FaaS is a relatively new concept that was first made available in 2014 by hook.io and is now implemented in services such as AWS Lambda, Google Cloud Functions, IBM OpenWhisk and Microsoft Azure Functions.” Best practices: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/ https://github.com/owasp-cloud-security/owasp-cloud-security https://www.omerlh.info/2019/01/19/threat-modeling-as-code/ https://telaviv.appsecglobal.org/ https://github.com/Soluto/kamus https://kamus.soluto.io Infosec Campout = www.infoseccampout.com
Omer Levi Hevroni has written extensively on the topic of Kubernetes and secrets, and he's a super dev. He's the author of a tool for secrets management called Kamus. Kamus is an open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted [...] The post Omer Levi Hevroni — K8s can keep a secret? appeared first on Security Journey Podcasts.
Seth and Ken discuss recent events with the .dev domain and why developers should care. Omer Levi Hevroni (@omerlh) stops by to talk about the OWASP Glue Project, the Kamus project for managing Kubernetes secrets, and Threat Modeling as code. Also .Net.
Seth and Ken discuss recent events with the .dev domain and why developers should care. Omer Levi Hevroni (@omerlh) stops by to talk about the OWASP Glue Project, the Kamus project for managing Kubernetes secrets, and Threat Modeling as code. Also .Net.
In episode 24 of The Secure Developer, Guy is joined by Omer Levi Hevroni, DevSecOps Engineer at Soluto, to discuss application security, OWASP, security ‘mavens,' and more. The post Ep. #24, Application Security with Omer Levi Hevroni appeared first on Heavybit.
© 2020-2025 Ivy Podcast Discovery LLC
