A monolithic video processing application faces challenges with scaling, high costs from idle power, and a lack of reliability.
The application is broken down into distinct services like an API, a message broker, a transcoding worker, and S3 storage.
The initial step of containerization reveals that official base images often contain known vulnerabilities, highlighting supply chain risks.
Breaking down the application creates new trust boundaries between frontend and backend components, requiring robust authentication and authorization.
AWS S3 access is controlled using bucket policies for broad rules and pre-signed URLs for providing temporary, specific access to objects.
An AWS Lambda function can be triggered on file uploads to S3 to perform validation and prevent attackers from hosting malicious content.
A vulnerability in a transcoding library like FFmpeg can be exploited through a malicious file, leading to code execution and access to secrets within the container.
While microservices increase the attack surface and complexity, they offer better isolation, making privilege escalation more difficult than in a monolith.
The speaker answers audience questions about using AI in security, starting new projects, and identifying threats in a microservice architecture.
29:34Reto Kaeser
33:20Aarno Aukia
44:30Milecia McGregor
37:32Martin Schmiedecker
51:41Panel Discussion
1:48:32Thomas Südbröcker
37:36Vandana Verma
50:06Jens Happe
.gif?w=240&auto=compress,format)
Jobs that call for the skills explored in this talk.
Peter Park System GmbH
München, Germany
Friedrich Kicherer GmbH & Co. KG
Ellwangen (Jagst), Germany
GULP Information Services GmbH