Enhancing Security with eBPF: Use Cases Explored

#include <linux/bpf.h>
#include <linux/types.h>
#include <linux/ptrace.h>

SEC("kprobe/security_sys_execve")
int bpf_sys_execve(struct pt_regs *ctx) {
    pid_t pid = bpf_get_current_pid_tgid() >> 32;
    
    if (pid == target_pid) {
        bpf_kern_panic();
    }
    
    return 0;
}

#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>

SEC("filter")
int bpf_filter(struct __sk_buff *skb) {
    struct ethhdr *eth = bpf_hdr_pointer(skb);
    struct iphdr *ip = (struct iphdr *)(eth + 1);

    if (ip->saddr < start_ip || ip->saddr > end_ip) {
        return XDP_DROP;
    }
    
    return XDP_PASS;
}

#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>

SEC("kprobe/tcp_v4_connect")
int bpf_tcp_connect(struct pt_regs *ctx) {
    struct sock *sk = (struct sock *)PT_REGS_PARM1(ctx);
    struct iphdr *iph = (struct iphdr *)skb_network_header(sk->sk_skb); 
    
    if (ntohl(iph->daddr) == suspicious_ip) {
        bpf_printk("Suspicious outgoing connection detected from container!");
    }
    
    return 0;
}

#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/tcp.h>

SEC("filter")
int block_outbound_network(struct __sk_buff *skb) {
    struct ethhdr *eth = bpf_hdr_pointer(skb);
    struct iphdr *ip = (struct iphdr *)(eth + 1);
    
    if (ip->daddr != whitelist_ip) {
        bpf_skb_drop(skb);
        return XDP_DROP;
    }
    
    return XDP_PASS;
}

Get A Demo

GH Actions changed-files supply chain attack: What happened?

Cenk Kalpakoğlu - 18 Mar 2025

Customizable Roles and Permission in ASPM Platforms

Can Taylan Bilgin - 27 Feb 2025

The Advantage of Using VEX SBOMs

Ben Strozykowski - 18 Feb 2025

Generating build-time SBOMs with CycloneDX and Kondukto

Luis Pereira - 20 Jan 2025

Okta vulnerability explained (bcrypt auth bypass)

Cenk Kalpakoğlu - 05 Nov 2024

eBPF Vulnerabilities: Ecosystem and Security Model

Andreas Wiese - 31 Oct 2024

Ruby affected by CVE-2024-45409

Kondukto Security Team - 09 Oct 2024

Secure CodingAppSec

Linux Kernel effected by CVE-2023-2163

Kondukto Security Team - 04 Oct 2024

ASPMDevSecOps

Empowering Developers in AppSec: Scaling and Metrics

Andreas Wiese - 19 Sep 2024

DevSecOpsAppSecASPM

Protecting APIs of Modern Applications

Kondukto Security Team - 13 Sep 2024

DevSecOpsAppSec

Empowering Developers in AppSec: Triage and Collaboration

Andreas Wiese - 09 Sep 2024

DevSecOpsSecure CodingAppSec

Enhancing Vulnerability Management with Threat Intelligence

Andreas Wiese - 20 Aug 2024

AppSecUnified Vulnerability Management

Enhancing AppSec through Fuzzing in CI/CD Pipelines

Kondukto Security Team - 01 Aug 2024

Secure CodingAppSec

Git SCM affected by CVE-2024-32002

Ali Köse - 20 Jun 2024

Unified Vulnerability ManagementDevSecOps

Bring-Your-Own-Data (BYOD) to the Kondukto Platform

Cenk Kalpakoğlu - 04 Jun 2024

Google Cloud affected by CVE-2021-30476

Kondukto Security Team - 13 May 2024

DevSecOpsUnified Vulnerability Management

kntrl integrates Open Policy Agent

Cenk Kalpakoğlu - 09 May 2024

Supply Chain SecurityDevSecOpskntrl

4 Ways to Improve AppSec Accountability

Andreas Wiese - 02 May 2024

Secure CodingSASTAppSec

Securing CI/CD Runners through eBPF

Cenk Kalpakoğlu - 01 Apr 2024

AppSecSupply Chain Securitykntrl

Introducing kntrl: Enhancing CI/CD Security with eBPF

Cenk Kalpakoğlu - 14 Mar 2024

kntrlSupply Chain SecurityDevSecOps

Supply Chain Security Snags

Andreas Wiese - 07 Mar 2024

Supply Chain SecuritySBOMDevSecOps

Microsoft Azure CLI affected by CVE-2022-39327

Kondukto Security Team - 28 Feb 2024

Unified Vulnerability ManagementAppSecDevSecOps

Splunk Enterprise affected by CVE-2023-40598

Kondukto Security Team - 05 Feb 2024

Unified Vulnerability ManagementAppSecDevSecOps

Running DAST in CI/CD for Regression Testing

Andreas Wiese - 23 Jan 2024

DASTDevSecOpsAppSec

Why SBOM Matters infographic

Andreas Wiese - 15 Jan 2024

Supply Chain SecuritySBOM

Create SBOM on Gradle with the CycloneDX Plugin

Alperen Örsdemir - 10 Jan 2024

ASPMSupply Chain SecuritySBOM

A Look into Modern Security Orchestration

Can Taylan Bilgin - 26 Dec 2023

ASPMAppSecDevSecOps

How Malicious Code Enters Applications

Andreas Wiese - 07 Dec 2023

Supply Chain SecurityAppSecASPM

ASPM and Security Testing Orchestration

Can Taylan Bilgin - 28 Nov 2023

Supply Chain SecuritySASTASPM

Container Security: A Quick Overview

Andreas Wiese - 21 Nov 2023

Container SecurityDevSecOpsAppSec

Unveiling Java Library Vulnerabilities

Alperen Örsdemir - 31 Oct 2023

Supply Chain SecurityAppSec

Get Management Buy-in with AppSec Metrics

Cenk Kalpakoğlu - 17 Oct 2023

Secure CodingDevSecOpsAppSec

How to Streamline Vulnerability Management

Can Taylan Bilgin - 27 Sep 2023

ASPMDevSecOps

AI Remediation: A massive time-saver

Cenk Kalpakoğlu - 07 Sep 2023

Machine LearningSecure CodingAppSec

How to Shift-Left Better with Git Hooks

Cenk Kalpakoğlu - 22 Aug 2023

DevSecOpsAppSec

A Guide to Becoming a Product Security Engineer

Cenk Kalpakoğlu - 10 Jul 2023

AppSec

Top 10 Reasons To Implement An ASPM Right Now!

Can Taylan Bilgin - 30 May 2023

DevSecOpsAppSec

Demo Hub launched for Kondukto Technology Partners

Andreas Wiese - 25 Apr 2023

PartnershipsAppSecASPM

Winning Management Support as an AppSec Leader

Can Taylan Bilgin - 18 Apr 2023

DevSecOpsAppSec

How To Get Developer Buy-In For AppSec Programs

Can Taylan Bilgin - 08 Mar 2023

AppSecDevSecOps

How to integrate continuous API fuzzing into the CI/CD?

Cenk Kalpakoğlu - 17 Jan 2023

DevSecOpsAppSec

OpenAI (ChatGPT) Vulnerability Remediation Concept Work

Suphi Cankurt - 13 Dec 2022

Secure CodingAppSec

OWASP ASVS with your security testing tools

Suphi Cankurt - 28 Nov 2022

ASVSAppSec

Application Security Engineer: Salary, Skills, Requirements

Suphi Cankurt - 10 Oct 2022

AppSec

The Economics of ASPM

Can Taylan Bilgin - 27 Sep 2022

AppSec

Announcing Our Seed Round

Can Taylan Bilgin - 05 Sep 2022

What is Application Security Orchestration and Correlation?

Can Taylan Bilgin - 30 Aug 2022

AppSec

Dockerfile Security Best Practices with Semgrep

Cenk Kalpakoğlu - 25 Aug 2022

5 Essential Skills to Become a DevSecOps Engineer

Barış Ekin Yıldırım - 22 Jul 2022

DevSecOps

3 Ways Using ASVS Can Help Your Organization

Can Taylan Bilgin - 01 Jul 2022

ASVSDevSecOpsAppSec

How to boost SAST performance?

Cenk Kalpakoğlu - 20 Jun 2022

SASTDevSecOpsAppSec

Insecure Deserialization

Barış Ekin Yıldırım - 07 Jun 2022

Secure CodingAppSecInsecure Deserialization

How To Generate and Audit SBOM In a CI/CD Pipeline

Barış Ekin Yıldırım - 20 May 2022

Supply Chain SecurityDevSecOpsSBOM

Software Bill of Materials(SBOM) 101

Barış Ekin Yıldırım - 03 May 2022

Supply Chain SecuritySBOMDevSecOps

5 Common Mistakes in DevSecOps

Cenk Kalpakoğlu - 13 Apr 2022

DevSecOpsAppSec

5 Use Cases of Kondukto CLI in CI/CD pipelines

Can Taylan Bilgin - 24 Jan 2022

DevSecOpsAppSec

Vulnerability Management In Your GitFlow

Can Taylan Bilgin - 16 Sep 2021

Secure CodingAppSec

Security Training for Developers with Avatao

Can Taylan Bilgin - 05 Aug 2021

Secure CodingAppSec

The Essence of DevSecOps: Aligning Multiple Teams

Can Taylan Bilgin - 01 May 2021

DevSecOpsAppSec

How to Get the Most Out of Security Training for Developers

Can Taylan Bilgin - 23 Feb 2021

Secure CodingAppSec

Defensive Programming Tips-2: LDAP Injection

Cenk Kalpakoğlu - 21 Jan 2021

AppSecSecure Coding

4 Key Benefits of Application Security Orchestration

Can Taylan Bilgin - 30 Sep 2020

AppSec

Cybersecurity As a Marketing Activity

Can Taylan Bilgin - 25 Aug 2020

AppSec

Defensive Programming Tips-1: Bad URL Handling Patterns

Cenk Kalpakoğlu - 20 Jul 2020

AppSec

Software Developers : Scapegoats For Security Vulnerabilities

Can Taylan Bilgin - 18 Jun 2020

DevSecOps

5 Circular Phases of Sec in DevSecOps

Can Taylan Bilgin - 26 May 2020

DevSecOps

Keep Applications Secure While Keeping Your Distance

Can Taylan Bilgin - 08 Apr 2020

AppSec

DevOps vs DevSecOps Differences

Can Taylan Bilgin - 20 Feb 2020

DevSecOps

Secure Software Development Life Cycle: Beginners Guide

Can Taylan Bilgin - 23 Jan 2020

DevSecOps

How To Improve AppSec Posture For Starters

Can Taylan Bilgin - 29 Nov 2019

AppSec

Why Care About Application Security At All?

Can Taylan Bilgin - 14 Oct 2019

AppSec

Damage Limitation Strategies for Developers

Cenk Kalpakoğlu - 19 Sep 2019

Secure Coding

Automating Issue Assignment In Vulnerability Management

Kondukto - 01 Jul 2019

AppSec

What Is The Optimal Security Scan Time For My Applications?

Can Taylan Bilgin - 22 May 2019

AppSec

Keep An Eye On Your Remediation Performance

Can Taylan Bilgin - 11 Apr 2019

AppSec

Benefits of Using SAST And DAST In Tandem

Kondukto - 29 Jan 2019

SASTAppSec

Why Should “Heap Inspection” Not Be Marked As False Positive?

Cenk Kalpakoğlu - 09 Nov 2018

Secure CodingAppSec

Beginning AppSec Training Program for Developers

Cenk Kalpakoğlu - 10 Oct 2018

Secure Coding