Get a comprehensive overview of Kubernetes, cloud native security best practices, and mitigation strategies as you prepare for the KCSA exam.
Overview
Syllabus
Introduction
- Secure the cloud: Preparing for your KCSA certification
- What you should know
- What is cloud native security?
- OWASP Kubernetes Top 10
- What is infrastructure security?
- The four Cs of cloud native security
- Cloud provider and infrastructure security
- Isolation techniques
- Artifact repo and image security
- Workload and app code security
- API server and controller manager
- Scheduler
- Kubelet and container runtime
- kube-proxy
- Pods
- etcd
- Container networking and client security
- Storage and security wrap-up
- Pod security standards
- Pod security admissions
- Authentication
- Authorization
- Secrets
- Isolation and segmentation
- Audit logging
- Network policies
- Kubernetes trust boundaries and data flow
- Denial of service
- Malicious code execution
- Compromised apps in containers
- Attackers on the network
- Access to sensitive data
- Privilege escalation
- Supply chain security
- Image repository security
- Observability
- Service mesh
- Kubernetes PKI
- Admission control
- Compliance frameworks
- Hands-on: Utilizing CIS tools (CIS Report)
- Threat modeling frameworks
- Supply chain compliance
- Automation and tooling
- Hands-on: Kubescape and kube-bench
- Next steps
Taught by
Michael Levan