Session: Container Security for RED and BLUE Teams!
This talk will explore the business case for training, the trade-offs between cost and effectiveness, and best practices for training design and deployment depending on where your organization lies on the spectrum of size and maturity.
Learn why training is not about unleashing a fire hose of information upon unsuspecting engineers but about giving those engineers the confidence to run production systems at scale.
In this talk will focus on two different perspectives of container security. We will see, how attackers can break into docker container and kubernetes clusters to gain access, escalate privileges to infrastructure by using misconfigurations and application security vulnerabilities. Also, we can see how defenders can leverage the power of automation at different layers like Infrastructure Security, Supply chain Security and Run time Security to protect against the container security attacks.
By the end of this talk participants able to use this knowledge to identify and exploit vulnerabilities in applications running on containers inside kubernetes clusters. Also, it will be useful to apply pragmatic security using tools, techniques and procedures (TTPs) to secure the container infrastructure.
Madhu Akula is a security ninja, published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, etc). Hold industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.