Syllabus
Intro
You've seen Microservices before
Your Legacy Application
The Principle of Least Privilege
The Principle of Least Surprise
The Principle of Least Access
Upsides of Microservices AppSec
Downsides of Microservices AppSec
Exploring Real World Compromise
Limit Compromises: OSI Edition
Layer 7 Authentication: Application
Layer 4/5 (7) Authentication: TLS
Layer 3 Authentication: IPSEC
Containers Map to Microservices
Pruning The Attack Tree
Minimal: Distro
Security starts with the base OS
Minimal Container?
Minimal: Container Images
General idea for Docker
Golang wiki server example
Mandatory Access Control
Nested AppArmor
Custom AppArmor Profiles
AppArmor Profile Gotchas
Why Custom Profiles?
Seccomp Profiles using strace
Seccomp Profiles using Seccomp
General Seccomp Pitfalls
Seccomp in Docker
Seccomp notes
The Problem of Managing Secrets
Other Security Recommendations
Taught by
Docker