Overview
Explore the OWASP Top 10 for Kubernetes in this 51-minute conference talk from NDC Security 2023. Delve into the community-curated list of common Kubernetes risks, backed by data from organizations of varying maturity and complexity. Learn about insecure workload configurations, supply chain vulnerabilities, overly permissive RBAC configs, lack of centralized policy enforcement, inadequate logging and monitoring, broken authentication, and missing network segmentation. Examine real-world examples, including a Redis case study, and gain insights into service mesh, secret management, components, CIS Benchmark, and API versions. Understand why Kubernetes isn't inherently secure and discover how to get involved in this open-source project to enhance containerized infrastructure security.
Syllabus
Introduction
How secure is Kubernetes
Insecure workload configurations
Supply chain vulnerabilities
Overly permissive RBack configuration
Lack of centralized policy enforcement
Inadequate logging and monitoring
Broken authentication
Missing network segmentation
Redis example
Service Mesh
Secret Management
Components
CIS Benchmark
API Versions
Kubernetes isnt secure
Questions
Taught by
NDC Conferences