Explore cloud native security patterns in this OWASP NLChapter meeting talk. Dive into essential topics such as container isolation, control plane hardening, network segmentation, and encrypted communications. Learn about the reconciler pattern, container sandboxing limitations, and the importance of build integrity and attestation. Discover user namespaces, rootless containers, and effective authentication and authorization strategies. Examine the controller pattern, admission controllers, and PodSecurity policy design. Gain insights into the sidecar pattern, secrets management, and dynamic secrets implementation. Apply these concepts through practical examples, including retrieving and mounting secrets in cloud native environments.
Running at Light Speed - Cloud Native Security Patterns
Overview
Syllabus
Intro
OWASP Cloud Native Characteristics
OWASP Cloud Native Secure Architecture ✓ Container Isolation Control Plane Hardening Network Segmentation Encrypted Communications
OWASP Who's Job is it Anyway?
OWASP Isolating Containerized Workloads
OWASP Reconciler Pattern
OWASP Spoiler: Containers Aren't Sandboxes
OWASP The Gateway Drug
OWASP Control Groups & Namespaces
OWASP Build Integrity & Attestation
OWASP User Namespaces
OWASP Rootless Containers
OWASP Authentication
OWASP Fixing the Problem
OWASP Authorization
OWASP Create Roles & Bindings
OWASP Controller Pattern
OWASP Admission Controllers
OWASP Designing a PodSecurity Policy
OWASP Sidecar Pattern Decomposition pattern
OWASP Secrets Management
OWASP Dynamic Secrets
OWASP Example - Retrieve & Mount a Secret
Taught by
OWASP Foundation
