Are We Ready For The Next Cyber Security Crisis Like Log4Shell?

"AI era is bright, but full of terrors!"

In a world where vulnerabilities like Log4Shell, Shai-Hulud, and the XZ Backdoor make headlines, securing our software ecosystem has never been more critical. In this session, Soroosh, a hands-on architect with experience working on security platform services for large enterprises like Rabobank, will share practical strategies and best practices for securing the software development process, applicable to both small startups and large organizations.

Key takeaways and questions that will be answered in this session:

• [Live Demo] What is a "Supply Chain Attack," and how dangerous can it be?
• An example of lateral movement that begins with a basic SQL injection attack and escalates to gaining root access to a Kubernetes cluster
• Exploring new attack vectors in the AI era and the defense strategies to detect, prevent and mitigate them
• Most effective practices to secure your CI/CD process
• Practical strategies on how Software Bill of Materials (SBOM) help us prepare for the next Log4Shell crisis?
• What does DevSecOps mean, and what is its main objective?