Venerdì Protetto | July edition: Deserialization, Kubernetes, Machine Learning

27 July 2023 Facile.it engineers

4 minute read

This page contains the abstracts of the talks held during the latest Venerdì Protetto on July 14, 2023.

Topics:

Deserialization by Alessio Giorgianni (Facile.it)
Kubernetes by Dario Tranchitella (CLASTIX)
Machine learning pipelines at Facile.it by Luigi Cerone & Jacopo Demichelis (Facile.it)

The overview of Venerdì Protetto is available here.

Deserialization

The attacker’s point of view

^{by Alessio Giorgianni}

Serialization is a known concept within software development. Nonetheless, the developer often has only a superficial knowledge of this mechanism, ignoring especially the security-related issues.

So, what might happen if a skilled attacker is able to manipulate a serialized payload maliciously?

The purpose of this talk was to give an introductory overview of the potential attack scenarios that a user attacker could implement, and the consequences they could have (arbitrary file read/write, remote code execution, etc.) by focusing more on the PHP platform.

We started by writing simple introductory exploits and worked our way up to a complex exploit used in a recent bug from the well-known blog VBullettin.

Kubernetes

Kubernetes multi-tenancy

^{by Dario Tranchitella (CLASTIX)}

From great power comes great responsibility, as Uncle Ben said. And that’s true when you use a Kubernetes cluster shared among multiple tenants.

In this session, we discovered the principles required to develop an Internal Developer Platform that is multi-tenant aware such as self-service, security first, and declarative, besides the API primitives that Kubernetes offers to address the resource quota and isolation.

Eventually, we discovered how Capsule can help to address all these requirements in a simpler way, without breaking the Kubernetes UX.

Machine learning pipelines at Facile.it

^{by Luigi Cerone & Jacopo Demichelis}

Building a machine learning (ML) model could be challenging, but being able to handle its lifecycle in production at scale is a whole different problem.

In this talk, we shared what’s behind the curtain of many of the ML models in production at Facile.it.

We started from an existing use case, that is, the optimization of leads. We then covered both the creation of the models and all the technical solutions, pipelines, and procedures created in the last year to keep them updated and monitored.

The archive of all Venerdì Protetto talks is available here.

Facile.it Engineering

Categories

Authors

Careers

Who we are

Recent Posts

Venerdì Protetto | March edition

Venerdì Protetto | February edition

Venerdì Protetto | January edition