Kubernetes Security: Attacking And Defending Modern Infrastructure
Elevator Pitch
Kubernetes has become the operating system of the Internet. An increasing number of organizations prefer to run their workloads on the cloud because it’s cost-effective option. However, this choice comes with its own set of challenges, including cluster misconfigurations, leaked cluster credentials, crypto miners, container escape vulnerabilities, and vulnerable clusters.
Description
Why are more and more companies moving to the Cloud? Why is everybody talking about Kubernetes? Is it good? Is it Secure?
In this talk, I will explain the fundamentals of Containers and Kubernetes security. We will discuss previous security work around Kubernetes, like OWASP Kubernetes Top Ten and Threat Matrix for Kubernetes. Then, I will analyze common attack vectors used against Kubernetes infrastructure, such as exploiting Insecure APIs, Secrets Theft, Container Escape, and Pod Privilege Escalation. We will also explore protections you can implement to mitigate risks and prevent attackers from damaging your organization using RBAC, OPA, Security Contexts, Network Policies, and other built-in security features.
Technical requirements
- Basic knowledge of cloud computing
- Basic/intermediate knowledge about Linux and containers.
- Basic knowledge about Internet protocols such as HTTP and DNS
Who should attend
While there’s no minimum required experience to attend, this talk will best suited for:
- Software Engineers
- Security Engineers
- Cloud Engineers
- DevOps people
- Incident response / penetration testers / hackers
- Any person that wants to learn more about Kubernetes