Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

NDC Conferences

Introducing the OWASP Top 10 for Kubernetes

NDC Conferences via YouTube

Overview

Explore the OWASP Top 10 for Kubernetes in this 51-minute conference talk from NDC Security 2023. Delve into the community-curated list of common Kubernetes risks, backed by data from organizations of varying maturity and complexity. Learn about insecure workload configurations, supply chain vulnerabilities, overly permissive RBAC configs, lack of centralized policy enforcement, inadequate logging and monitoring, broken authentication, and missing network segmentation. Examine real-world examples, including a Redis case study, and gain insights into service mesh, secret management, components, CIS Benchmark, and API versions. Understand why Kubernetes isn't inherently secure and discover how to get involved in this open-source project to enhance containerized infrastructure security.

Syllabus

Introduction
How secure is Kubernetes
Insecure workload configurations
Supply chain vulnerabilities
Overly permissive RBack configuration
Lack of centralized policy enforcement
Inadequate logging and monitoring
Broken authentication
Missing network segmentation
Redis example
Service Mesh
Secret Management
Components
CIS Benchmark
API Versions
Kubernetes isnt secure
Questions

Taught by

NDC Conferences

Reviews

Start your review of Introducing the OWASP Top 10 for Kubernetes

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.