Explore strategies for securing container deployments in enterprise environments through this conference talk from OWASP AppSec EU 2018. Delve into the challenges of migrating from legacy virtualization to containers, focusing on developing a comprehensive security approach throughout the container lifecycle. Learn about hardening containers, eliminating vulnerabilities, and implementing controls across infrastructure, architecture, tooling, policies, and processes. Examine the modern container landscape, including various runtimes and standards like Open Container Initiative (OCI) and Container Storage Interface (OSI). Discover methods to limit lateral movement and post-exploitation steps by attackers through sound architectural choices. Gain insights into scaling container security within an enterprise and building multi-layered security controls for comprehensive coverage. By the end of this presentation, acquire the knowledge to confidently develop a secure approach to your organization's container strategy, from development to production environments.
Overview
Syllabus
Securing Containers on the High Seas - Jack Mannino & Abdullah Munawar
Taught by
OWASP Foundation