Kubernetes Security Masterclass

This is a two-day training. It takes place online on March 15 and 16, 2021.

Kubernetes has emerged as the leading container orchestration and management platform for on-prem and cloud environments. However, Kubernetes is a multi-headed beast with several minute and nuanced security configuration parameters. In addition, attackers take advantage of these insecurely configured and designed Kubernetes deployments and perform deep-incursions into the organization’s assets.

This training is a hard-core hands-on view of Kubernetes Security from an Attack and Defense perspective. The course takes the participants through a journey where they start with setting up a Kubernetes cluster (simulating an on-prem Kubernetes) deployment, attack the cluster and learn, through multiple deep-dive examples and cookbooks on how they can effectively secure Kubernetes clusters.

The course is aimed at providing a view of attacking, auditing and defending Kubernetes clusters on-prem or on the cloud

Kubernetes is the world’s leading Container Management and Orchestration Platform. However, Kubernetes is often deployed without understanding some of its security features, limitations, available tools or security-oriented design. This has caused many an organization to run extremely critical infrastructure, very insecurely on Kubernetes. In addition, organizations incorrectly assume that Kubernetes in cloud-native environments and managed cloud environments is automatically secure, which is also far from the truth. While certain configuration parameters are abstracted away from the operators, Kubernetes clusters can still be subject to a plethora of misconfigurations and application security lapses.

This MasterClass is meant to prepare practitioners and operators alike, on the depths of Kubernetes Security. We start off with participants setting up and running their own Kubernetes clusters on a simulated “on-prem” environment. This ensures that they understand the intrinsic aspects of the cluster and underlying technology without blindly depending on managed cloud providers to secure them.

Subsequently, the class takes a firm toward the “Red-Team” by delving deep into Kubernetes attacks. The participants use a variety of known exploits, vulnerable apps and container escape techniques to attack and privilege-escalate on Kubernetes clusters, including some of the latest DNS Spoofing attack possibilities against Kubernetes. This segment is meant to train participants on “security through insecurity”. By understanding techniques from the attacker’s playbook, participants have a deep understanding of not only the cluster, but some of the ways these misconfigurations can impact the cluster, in terms of security.

The training then takes a “Blue Team” turn where we dive deep into Kubernetes defenses. Here we explore in depth, a variety of areas, tools and strategies to define a more secure Kubernetes cluster. The participants, through hands-on, cookbook-style sessions, learn how they can audit and secure Kubernetes clusters. In addition, they are exposed to a smorgasbord of useful OSS tools to help them assess, audit and defend against attackers looking to leverage vulnerable Kubernetes clusters. This segment focuses on, not limited to:

Kubernetes Security Maturity Model
Authentication, Authorization and Admission Control
Secrets Management for Kubernetes deployments
Vulnerability Assessment for Kubernetes Deployments
Runtime Container Protections for Kubernetes Security
Introduction to Service Mesh Security concepts, with Istio
Introduction to Security Policy Management with Kubernetes with Open Policy Agent
Kubernetes Logging API and Monitoring Practices
CI/CD Pipelines for Kubernetes with Security

At the end of the training, we (trainers) are of the opinion that participants will walk away with a comprehensive and practical view of Kubernetes security. We believe that they will be equipped to address these and many other security concerns with Kubernetes within their own organizations, with a great deal of assurance.

The labs are highly advanced and per-student environments on the cloud that the students can access throughout the length of the training. In addition, we will be giving students a useful repository of OSS Kubernetes Security Tools and access to our online training portal to learn more about Container Security, AppSec, Managing Secrets on the cloud and Kubernetes Security concepts.

Who should attend this training?

AppSec Engineers and Professionals
DevOps Professionals
Senior Security Managers overseeing cloud and DevSecOps initiatives
Penetration Testers
Cloud Engineers

Prerequisites

Working knowledge of Linux command line
Basic knowledge of some (any) programming language
Working knowledge of Docker or any container run time
Working knowledge of Kubernetes will be useful

Requirements

Our entire lab environment is delivered over the cloud and accessible via the browser. No need for any VM to be set up. All that is needed is a laptop or a tablet (with keyboard) with a browser installed.

About the Speaker

Abhay Bhargav

Abhay Bhargav is the Founder of we45, a focused Application Security Company. Abhay is a builder and breaker of applications. He is the Chief Architect of “Orchestron”, a leading Application Vulnerability Correlation and Orchestration Framework.

He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, namely Containers, Orchestration and Serverless Architectures.

Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on.