Abstract image of a woman sitting on books and studying on a laptop

OPNFV Security Panel

OPNFV, profile picture
OPNFV

The OPNFV Security Group, founded on January 22, 2015, aims to enhance security within the OPNFV ecosystem through documentation, code reviews, and vulnerability management. It has two main projects: the OPNFV Security Guide for best practices and the Inspector for secure coding and audit improvements. The group encourages collaboration and holds weekly meetings to coordinate efforts in addressing security challenges.

Software
1 of 10
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
OPNFV Security Group Luke Hinds Security Group Project Lead Principle Security Architect @ Nokia Networks
Overview • Founded Jan 22, 2015 • Four members! (room for more) • Improve OPNFV security through documentation, code / design review, upstream inter-work. • An ‘umbrella’ group to encourage development of security within the OPNFV eco-system. • Effectively handle vulnerability and threats in a co- ordinated manner. 2
Projects… OPNFV Security Guide – Best Practices – Hardening Guidelines – 'Living' document – Project Input welcomed https://etherpad.opnfv.org/p/security-guide
4 – Improve Audit – Code Commits upstream – CADF Framework – Project Input welcomed https://wiki.opnfv.org/requirements_projects/inspector Projects… Inspector
Secure Coding Gerrit Code / Design Review: Tag ‘SecurityImpact’ opnfv-security@lists.opnfv.org 5 Secure Coding Guidelines:
Secure Coding – what we check for.. Shell Executions: >>> from subprocess import call >>> filename = input("What file would you like to display?n") What file would you like to display? non_existent; rm -rf importantFiles # >>> call("cat " + filename, shell=True) 6
Secure Coding – what we check for.. Permissions: with open('testfile.txt', 'w') as fout: fout.write("secrets!") flags = os.O_WRONLY | os.O_CREAT | os.EXLC with os.fdopen(os.open('testfile.txt', flags, 0600), 'w') as fout: fout.write("secrets!") 7 Defaults to OS permissions Can be read by All! Only the user has read permissions
Secure Coding – Live example.. 8
Vulnerability Management 9 – Coordinated response – Responsible Disclosure Process – Advisory https://wiki.opnfv.org/security/osvm
Come and join us... 10 –Every Wednesday @ 14:00 UTC –#opnfv-sec

More Related Content

PDF
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
Wouter Bloeyaert
 
PDF
DevSecOps, The Good, Bad, and Ugly
4ndersonLin
 
PDF
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
Aarno Aukia
 
PDF
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
 
PPTX
Outpost24 webinar mastering container security in modern day dev ops
Outpost24
 
PDF
DevSecOps Everything You Need To Know
Centextech
 
PPTX
Automating Open Source Security: A SANS Review of WhiteSource
WhiteSource
 
PDF
Your Resolution for 2018: Five Principles For Securing DevOps
DevOps.com
 
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
Wouter Bloeyaert
 
DevSecOps, The Good, Bad, and Ugly
4ndersonLin
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
Aarno Aukia
 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
 
Outpost24 webinar mastering container security in modern day dev ops
Outpost24
 
DevSecOps Everything You Need To Know
Centextech
 
Automating Open Source Security: A SANS Review of WhiteSource
WhiteSource
 
Your Resolution for 2018: Five Principles For Securing DevOps
DevOps.com
 

What's hot (20)

PDF
PIACERE - DevSecOps Automated
PIACERE
 
PPTX
Know Your Security Model
Mikhail Shcherbakov
 
PDF
How Aporeto Secures Cloud-native Across Public, Private, & Hybrid Clouds with...
DevOps.com
 
PDF
Practical DevSecOps - Arief Karfianto
idsecconf
 
PPTX
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
WhiteSource
 
PPTX
Fortify dev ops (002)
Madhavan Marimuthu
 
PPTX
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
PDF
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
WhiteSource
 
PPTX
Aleksei Dremin - Application Security Pipeline - phdays9
Alexey Dremin
 
PDF
Dos and Don'ts of DevSecOps
Priyanka Aash
 
PPTX
WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource
 
PPTX
DevSecOps outline
Nickleus Jimenez
 
PPTX
Secure DevOPS Implementation Guidance
Tej Luthra
 
PPTX
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon
 
PDF
How to automate your DevSecOps successfully
Manuel Pistner
 
PPTX
Secure application deployment in the age of continuous delivery
Tim Mackey
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
PPTX
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevOps Indonesia
 
PPTX
Secure application deployment in Apache CloudStack
Tim Mackey
 
PDF
DevSecOps and the CI/CD Pipeline
James Wickett
 
PIACERE - DevSecOps Automated
PIACERE
 
Know Your Security Model
Mikhail Shcherbakov
 
How Aporeto Secures Cloud-native Across Public, Private, & Hybrid Clouds with...
DevOps.com
 
Practical DevSecOps - Arief Karfianto
idsecconf
 
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
WhiteSource
 
Fortify dev ops (002)
Madhavan Marimuthu
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
WhiteSource
 
Aleksei Dremin - Application Security Pipeline - phdays9
Alexey Dremin
 
Dos and Don'ts of DevSecOps
Priyanka Aash
 
WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource
 
DevSecOps outline
Nickleus Jimenez
 
Secure DevOPS Implementation Guidance
Tej Luthra
 
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon
 
How to automate your DevSecOps successfully
Manuel Pistner
 
Secure application deployment in the age of continuous delivery
Tim Mackey
 
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevOps Indonesia
 
Secure application deployment in Apache CloudStack
Tim Mackey
 
DevSecOps and the CI/CD Pipeline
James Wickett
 
Ad

Similar to OPNFV Security Panel (20)

PDF
Security and DevOps are Really Best Friends
EmilyGladstoneCole
 
PDF
Understanding security operation.pptx
Piyush Jain
 
PDF
Opsec for security researchers
vicenteDiaz_KL
 
PDF
Practical security in a DevOps World
Hinse ter Schuur
 
PDF
DevOpsDay London Ben Hughes Security
beehooze
 
PDF
Year Zero
leifdreizler
 
PPTX
Security engineering 101 when good design & security work together
Wendy Knox Everette
 
PPTX
AusCERT 2016: CVE and alternatives
David Jorm
 
PPTX
HouSecCon 2019: Offensive Security - Starting from Scratch
Spencer Koch
 
PDF
Open Source Security for Newbies - Best Practices
Black Duck by Synopsys
 
PDF
Open Source and Secure Coding Practices
All Things Open
 
PPTX
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
KEY
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
PDF
Building security into the pipelines
Vandana Verma
 
PDF
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
PPTX
Blue Teamin' on a Budget [of zero]
Kyle Bubp
 
PDF
stackconf 2024 | How to hack and defend (your) open source by Roman Zhukov.pdf
NETWAYS
 
PPTX
Security in the age of open source - Myths and misperceptions
Tim Mackey
 
PPTX
OpenStack Security Project
Travis McPeak
 
PPTX
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24
 
Security and DevOps are Really Best Friends
EmilyGladstoneCole
 
Understanding security operation.pptx
Piyush Jain
 
Opsec for security researchers
vicenteDiaz_KL
 
Practical security in a DevOps World
Hinse ter Schuur
 
DevOpsDay London Ben Hughes Security
beehooze
 
Year Zero
leifdreizler
 
Security engineering 101 when good design & security work together
Wendy Knox Everette
 
AusCERT 2016: CVE and alternatives
David Jorm
 
HouSecCon 2019: Offensive Security - Starting from Scratch
Spencer Koch
 
Open Source Security for Newbies - Best Practices
Black Duck by Synopsys
 
Open Source and Secure Coding Practices
All Things Open
 
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
Building security into the pipelines
Vandana Verma
 
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
Blue Teamin' on a Budget [of zero]
Kyle Bubp
 
stackconf 2024 | How to hack and defend (your) open source by Roman Zhukov.pdf
NETWAYS
 
Security in the age of open source - Myths and misperceptions
Tim Mackey
 
OpenStack Security Project
Travis McPeak
 
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24
 
Ad

More from OPNFV (20)

PPTX
How to Reuse OPNFV Testing Components in Telco Validation Chain
OPNFV
 
PPTX
Energy Audit aaS with OPNFV
OPNFV
 
PPTX
Hands-On Testing: How to Integrate Tests in OPNFV
OPNFV
 
PDF
Storage Performance Indicators - Powered by StorPerf and QTIP
OPNFV
 
PDF
Big Data for Testing - Heading for Post Process and Analytics
OPNFV
 
PPTX
Testing, CI Gating & Community Fast Feedback: The Challenge of Integration Pr...
OPNFV
 
ODP
How Many Ohs? (An Integration Guide to Apex & Triple-o)
OPNFV
 
PPTX
Being Brave: Deploying OpenStack from Master
OPNFV
 
PPTX
Upstream Testing Collaboration
OPNFV
 
PDF
Enabling Carrier-Grade Availability Within a Cloud Infrastructure
OPNFV
 
PDF
Learnings From the First Year of the OPNFV Internship Program
OPNFV
 
PDF
OPNFV and OCP: Perfect Together
OPNFV
 
PDF
The Return of QTIP, from Brahmaputra to Danube
OPNFV
 
PDF
Improving POD Usage in Labs, CI and Testing
OPNFV
 
PDF
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 
PDF
Distributed vnf management architecture and use-cases
OPNFV
 
PDF
Software-defined migration how to migrate bunch of v-ms and volumes within a...
OPNFV
 
PDF
Securing your nfv and sdn integrated open stack cloud- challenges, use-cases ...
OPNFV
 
PDF
My network functions are virtualized, but are they cloud-ready
OPNFV
 
PDF
Challenge in asia region connecting each testbed and poc of distributed nfv ...
OPNFV
 
How to Reuse OPNFV Testing Components in Telco Validation Chain
OPNFV
 
Energy Audit aaS with OPNFV
OPNFV
 
Hands-On Testing: How to Integrate Tests in OPNFV
OPNFV
 
Storage Performance Indicators - Powered by StorPerf and QTIP
OPNFV
 
Big Data for Testing - Heading for Post Process and Analytics
OPNFV
 
Testing, CI Gating & Community Fast Feedback: The Challenge of Integration Pr...
OPNFV
 
How Many Ohs? (An Integration Guide to Apex & Triple-o)
OPNFV
 
Being Brave: Deploying OpenStack from Master
OPNFV
 
Upstream Testing Collaboration
OPNFV
 
Enabling Carrier-Grade Availability Within a Cloud Infrastructure
OPNFV
 
Learnings From the First Year of the OPNFV Internship Program
OPNFV
 
OPNFV and OCP: Perfect Together
OPNFV
 
The Return of QTIP, from Brahmaputra to Danube
OPNFV
 
Improving POD Usage in Labs, CI and Testing
OPNFV
 
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 
Distributed vnf management architecture and use-cases
OPNFV
 
Software-defined migration how to migrate bunch of v-ms and volumes within a...
OPNFV
 
Securing your nfv and sdn integrated open stack cloud- challenges, use-cases ...
OPNFV
 
My network functions are virtualized, but are they cloud-ready
OPNFV
 
Challenge in asia region connecting each testbed and poc of distributed nfv ...
OPNFV
 

Recently uploaded (20)

PDF
AI/ML Infra Meetup | LLM Agents and Implementation Challenges
Alluxio, Inc.
 
PDF
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
PDF
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
PPTX
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
PPTX
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
PPTX
GSA Content Generator Crack (2025 Latest)
halimaanam8
 
PPTX
Full-Stack Developer Courses That Actually Land You Jobs
Ask the C Expert
 
PDF
Microsoft Office 365 Crack Download Free
wasibhadar
 
PPTX
Download Adobe Photoshop Crack 2025 Free
kokilasc86
 
PDF
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
PDF
E-Commerce Website Development Companyin india
Digital India
 
PPTX
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 
PDF
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
PPTX
Introduction to Windows Operating System
ssuser1028f8
 
PDF
BoxLang Dynamic AWS Lambda - Japan Edition
Ortus Solutions, Corp
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
Tridens
 
PDF
DuckDuckGo Private Browser Premium APK for Android Crack Latest 2025
hashmi66g66
 
PPTX
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PPTX
Cybersecurity-and-Fraud-Protecting-Your-Digital-Life.pptx
balaji9945191
 
AI/ML Infra Meetup | LLM Agents and Implementation Challenges
Alluxio, Inc.
 
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
GSA Content Generator Crack (2025 Latest)
halimaanam8
 
Full-Stack Developer Courses That Actually Land You Jobs
Ask the C Expert
 
Microsoft Office 365 Crack Download Free
wasibhadar
 
Download Adobe Photoshop Crack 2025 Free
kokilasc86
 
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
E-Commerce Website Development Companyin india
Digital India
 
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
Introduction to Windows Operating System
ssuser1028f8
 
BoxLang Dynamic AWS Lambda - Japan Edition
Ortus Solutions, Corp
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
Tridens
 
DuckDuckGo Private Browser Premium APK for Android Crack Latest 2025
hashmi66g66
 
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
Cybersecurity-and-Fraud-Protecting-Your-Digital-Life.pptx
balaji9945191
 

OPNFV Security Panel

  • 1. OPNFV Security Group Luke Hinds Security Group Project Lead Principle Security Architect @ Nokia Networks
  • 2. Overview • Founded Jan 22, 2015 • Four members! (room for more) • Improve OPNFV security through documentation, code / design review, upstream inter-work. • An ‘umbrella’ group to encourage development of security within the OPNFV eco-system. • Effectively handle vulnerability and threats in a co- ordinated manner. 2
  • 3. Projects… OPNFV Security Guide – Best Practices – Hardening Guidelines – 'Living' document – Project Input welcomed https://etherpad.opnfv.org/p/security-guide
  • 4. 4 – Improve Audit – Code Commits upstream – CADF Framework – Project Input welcomed https://wiki.opnfv.org/requirements_projects/inspector Projects… Inspector
  • 5. Secure Coding Gerrit Code / Design Review: Tag ‘SecurityImpact’ opnfv-security@lists.opnfv.org 5 Secure Coding Guidelines:
  • 6. Secure Coding – what we check for.. Shell Executions: >>> from subprocess import call >>> filename = input("What file would you like to display?n") What file would you like to display? non_existent; rm -rf importantFiles # >>> call("cat " + filename, shell=True) 6
  • 7. Secure Coding – what we check for.. Permissions: with open('testfile.txt', 'w') as fout: fout.write("secrets!") flags = os.O_WRONLY | os.O_CREAT | os.EXLC with os.fdopen(os.open('testfile.txt', flags, 0600), 'w') as fout: fout.write("secrets!") 7 Defaults to OS permissions Can be read by All! Only the user has read permissions
  • 8. Secure Coding – Live example.. 8
  • 9. Vulnerability Management 9 – Coordinated response – Responsible Disclosure Process – Advisory https://wiki.opnfv.org/security/osvm
  • 10. Come and join us... 10 –Every Wednesday @ 14:00 UTC –#opnfv-sec