OPEN Stage

Tuesday, December 7, 2021

- PST
OPEN TALK: How Data From Penetration Tests Can Help You Understand, Fix, And Prevent Security Bugs
Nick Terkay
Cobalt, Director of Engineering, Customer Experience

Penetration tests can give developers invaluable information on what issues slip past their reviews. Not only that, they can give clues on big-picture questions like “Do we have a wider design problem with user authorization?” or “Are we making repeat mistakes from one test to the next? Why?”

Rather than a lengthy to-do list, findings from a penetration test can be a collection of metrics you can track to improve the quality of your code, and the performance of your team. In this session, I’ll walk you through the most common metrics in penetration test reports, and map them to the questions they can help answer: from finding the bug, to fixing and preventing it.

- PST
OPEN TALK: Build Microservices-Based Apps Faster with Data APIs
Bhavani Rao
DataStax, Product Marketing Director

If you are like most developers, you are embracing applications built using microservices and a NoSQL database. Creating applications is hard because microservices are often written in different languages, database drivers have a maintenance burden, or familiar HTTP APIs lack the performance needed. Data APIs can simplify application development, but which one is best for your use case? In this session you will learn about industry-standard APIs (REST, schemaless JSON, GraphQL, and gRPC) that can be used to interact with a database. Identify the benefits of these APIs and why gRPC has become the API of choice for connecting microservices.

- PST
OPEN TALK: How Your Applications Are under Attack - Struts 2 Vulnerability
Austin Becker
Sonatype, Solutions Engineer

This session will include information about how popular open source has become and how it is driving innovation for enterprises in today's market. Open source allows enterprises to get value to market faster, and ensures the survival of many businesses. But open source software (OSS) has recently been an attack vector and focus for cybercrime syndicates. How can you protect yourself? What are you up against? We will also cover how a vulnerability in Struts2, a common Java OSS component, led to the attack and breach of several financial institutions. In this workshop, we will set up the Struts2 application and walk through not only how to exploit it, but also how to protect yourself from this attack.

- PST
OPEN TALK: Authorization for Cloud-Native Applications
Tim Hinrichs
Styra, CTO

Application modernization requires a plethora of different kinds of technological decisions, one of which is authorization - how do you control which actions your users can take and under what conditions? Modern applications require solving that problem throughout your application: from the front-end, to the backend, to the database, and so on. In this chat, we will discuss best practices for using modern technologies like ServiceMesh and Open Policy Agent to implement authorization within your application.

Wednesday, December 8, 2021

- PST
OPEN TALK: Introduction to PostgreSQL
Kirk Roybal
Instaclustr, Database Reliability Engineer

PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. Find out who's who and what's what in this orientation to PostgreSQL session.

- PST
OPEN TALK: A Practical Approach to Operationalizing Data-Tiers on Kubernetes
Rags Srinivas
DataStax, Developer Advocate

The IT world has evolved from the stateless 12-factor simple “Hello World!” app on Kubernetes to refactoring more complex data-driven apps and incorporating newer paradigms such as microservices, service mesh, etc. However, Dev, DevOps and Ops for these distributed teams and systems remain a major ongoing challenge.

How are teams and technologies evolving to deal with this myriad of challenges and what steps are they taking to mitigate some of the issues? In this session we will start with identifying these challenges and how to solve them with a comprehensive practical example based around open sourced k8ssandra.io which relies on the cass-operator and is evolving to provide multi data center support.

After attending this session, attendees (Devs, DevOps and Ops audience alike) will get a holistic perspective of the day-to-day challenges of the cloud-native approach and gain a better understanding of data durability, routine backups and restore, observability, HA and DR. Dissecting the example with a step-by-step approach will enable attendees to walk away with practical tips for a robust architecture and how to operationalize it.