Build Stuff 2017

Kali, Backbox, Metasploit, BeEF. All tools in an arsenal that exist to break through security barriers.
This talk introduces the tools available and shows how they are used to get through your defences.
It is more a massive demo than a talk and is an exploration of the tools and what they do. At end of this talk, you will have better understanding how to defend against them and spot the problems. We will go through recon, exploitation and maintenance of exploits.
This is geared at developers, it pros and those with an interest in learning more about security tools and practices

The revolution of cloud computing has bootstrapped a transformation of harnessing IT as we know it. The power and potential of cloud computing has never been clearer. If you're resisting it because of security concerns, you risk being left behind, missing out on the most disruptive and innovative periods in technology so far. Emerging with cloud computing is a second revolutionizing philosophy. The one of DevOps and Continuous Delivery. In contrast to the old ways of ensuring that our software is available, stable and secure, we no longer have the time to let it block progress and speed. Security is not only failing to protect, it's also hindering the organization’s productivity. Because if security blocks progress and speed, it will be ignored and marginalized.

The last year we have migrated all customer facing applications from internal hosting to the cloud at Norwegian Railways (NSB). We have also created a handful of new services and split up many of the legacy ones. Our main focus has been to enable fast flow of features into production while preserving world-class availability, stability, and last but not least security. In this talk I will share with you our experiences and choices made along the way. Furthermore I will show you our tooling, technology choices and explain our process adaptations. Participants should have some experience with software development and/or administration of public cloud computing. There will be code. The audience should agree that security is important.