Docker, Microservices, Kubernetes, DevOps, Continuous Integration/Deployment/Delivery, Container -- all of those terms heavily dominate modern application development teams and processes. This training will explain all of the mentioned terms and focus on the following main questions:
How strong and reliable are the isolation capabilities of Docker/Linux/OS containers?
How do containers affect typical application and network architectures?
Which changes are introduced by the CI/CD/Microservice paradigm into traditional development environments?
How does a typical CI/CD pipeline look like?
How can "security" be integrated into these new development/architecture paradigms?
What additional attack surface and security challenges are introduced by the changed development landscape and additional tools?
The agenda of the training is as follows:
All agenda topics will supported by practical exercises and/or demos. At the end of day 2, each attendee will have an automated environment where code changes can be deployed to staged hosting environments while being covered by various functional and/or security-related tests. The attendees will also know the concept behind the main buzzwords and tools described above and understand how they impact application architectures, development, and security posture.
The attendees should have basic knowledge of the Linux bash and need a system with an SSH client for the workshop. Attendees who want to operate the demo VMs on their own system will get the base demo VM on a usb drive but are on their own for starting/deploying it.
Florian Barth is founder and CTO of Stocard - THE Mobile Wallet App. He is responsible for evolving and managing Stocard's docker-backed, cloud-hosted microservices-swarm while staying up to date in security, mobile development, and many other tech topics.
Matthias Luft is a security researcher and heads the German security research company ERNW Research. He is interested in a broad range of topics (such as DLP, virtualization, and network security) while keeping up with the daily consulting and assessment work.