COME AND SPEND HALF A DAY WITH GITGUARDIAN, SNYK, CHAINGUARD AND THEIR CREW!
5:15 PM CEST → 08:30 PM CEST
11:15 AM EDT → 02:30 PM EDT
8:15 AM PDT → 11:30 AM PDT
Keeping software supply chain security simple shouldn't be rocket science or a headache. However, let's face it, it's not exactly a walk in the park either. With more and more people jumping on the bandwagon, developers and security engineers are left scratching their heads. That's why GitGuardian and their crew are joining forces to clear things up.
Join us at CodeSecDays virtual, where experts will share their insights on the present and future of software supply chain security. Expect our speakers to cover a range of topics such as software signing, open-source security, secrets management, and much more! You don’t want to miss out!
This jam-packed virtual event will provide an opportunity to learn, connect with security experts, and expand your network. Register now to reserve your spot on Wednesday, June 28. We'll see you there!
Join our panel of security practitioners and software engineers from Snyk, GitGuardian, Doppler and Chainguard, with Rachel Stephens from RedMonk moderating as we imagine a world where the challenges of software supply chain security have been solved. A world where developers do not have to worry about the security implications of their code, where there are no more vulnerabilities in open-source software, and where secrets management is effortless and secure. What would such a world look like?
06:15 PM CEST → 6:30 PM CEST
12:15 PM EDT → 12:30 PM EDT
09:15 AM PDT → 09:30 AM PDT
Every hardcoded secret is a risk. Still, no security engineer has enough time on their hands to go through thousands of incidents! Join Mackenzie Jackson to discover practical strategies to tackle secrets sprawl in your codebase. We will guide you through a framework that empowers your security teams to prioritize using context, investigate incidents collaboratively with development, and, lastly, equip developers with the right tools to stop leaks.
Software supply chain attacks are not a new security concern, but recent high-profile attacks such as SolarWinds, Codecov, and Kaseya have brought the topic to the forefront of cybersecurity awareness across the globe. Supply chain attacks have not only increased in volume and frequency, but have also become more sophisticated. This trend, together with the potentially wide impact of a single successful supply chain attack, requires maintainers to take dedicated steps to ensure the security and integrity of their projects. You will learn how to secure your CI/CD pipeline by setting up guardrails at each stage and hardening your OSS projects.
Our software supply chains are under constant attack, and the old ways of AppSec are not infallible. Attackers are now spearphishing developers, exploiting hardcoded secrets and contaminating the open-source ecosystem to find a way in. What might save us? Good old honeytokens. Decoy secrets, or honeytokens, can help you lay traps in every corner of the DevOps pipeline: code repositories, CI pipelines, registries, and more... Join us to learn how to turn the tables on attackers and trick them into revealing themselves!
How long did it take to fix critical vulnerabilities in the last quarter of the year?
Without metrics, it is challenging to answer these types of questions and prove the effectiveness of an AppSec program. While manually tracking AppSec metrics can be a challenging, if not impossible, task, orchestration and automation can help unlock the power of AppSec metrics for a measurable AppSec program.
Learn about the core components of secrets management and how automating secrets workflows can significantly enhance security and operational safety in the DevOps process. From secrets storage and governance to orchestration, lifecycle management, and observability, we’ll walk through each layer of SecretOps, providing real-world insights and best practices. Get ready to empower your team with the tools and knowledge to streamline secrets management and ensure robust security practices in your organization.
Building containers today is a very manual process that requires artisanally handcrafting a Dockerfile or copy/pasting one from the internet. Is there a better way? We think so, and that's why we built Wolfi OS. Wolfi is a stripped-down community Linux distro designed for the cloud-native era. It doesn't have a kernel of its own, instead relying on the environment (such as the container runtime) to provide one. Packages in Wolfi are declaratively built, which allows for smaller, more granular containers. In this session, you'll learn how to use Wolfi as your base container image to provide a secure foundation for your applications. You'll also learn how to declaratively build your own images using the same open-source tools that assemble Wolfi - apko and melange.
Join GitGuardian and their crew!