Explore the intricacies of container security in this 52-minute conference talk presented by Anais Urlichs for the OWASP Foundation. Delve into the fundamentals of containerization, starting with the concept of turning processes into contained processes and understanding Docker as a command execution service. Gain insights into Kubernetes architecture and its role in container orchestration. Examine the layered structure of the container stack and learn about potential vulnerabilities, including container breakout CVEs. Investigate the Kubernetes control plane, networking complexities, and the role of cluster nodes as routers. Analyze specific security concerns such as CVE-2020-8554 and its impact on services. Discuss the future landscape of network attacks in containerized environments. Address user management challenges in Kubernetes and explore the intricacies of Role-Based Access Control (RBAC). Conclude with a comprehensive overview of container security best practices and emerging trends in the field.
A Wander Through the World of Container Security
Overview
Syllabus
Intro
About Rory
Turning a process into a contained process
Docker == Command Execution As A Service
So, What is Kubernetes?
Container Stack - A Layer Cake
Container Breakout CVES Kubernetes Control Plane
Kubernetes Networking Fun
Cluster nodes are routers
CVE-2020-8554 - Attack of the services
The Future for network attacks
Kubernetes - Where's my users?
RBAC - The restless verbs
Conclusion
Taught by
OWASP Foundation
Related Courses
-
M9sweeper - The Open Source Kubernetes Security Platform
-
Security Attacks in Kubernetes Cluster Due to Security Best Practices Violation
-
Build and Manage Your App Portfolio with Docker and Microsoft Azure
-
Scaling Docker Containers Using Kubernetes and Azure Container Service
-
The Container Security Checklist - CNCF
-
Understanding the Container Revolution
