Container Security, Orchestration and Serverless training

WHEN

26-27 Feb 2019

WHERE

Singapore

 

PRICE

$3,200 SGD (Early Bird)

2-in-1 Package: Booking of this course includes a complimentary 2-day conference pass for DevSecCon Singapore (28 Feb - 01 Mar 2019)!

With organizations rapidly moving towards microservice-style architectures for their applications, container and serverless technologies seem to be taking over rapidly. Leading container technologies like Docker have risen in popularity and are widely used because they help package and deploy consistent-state applications. Serverless and orchestration technologies like Kubernetes help scale such deployments massively, which can greatly increase the overall attack surface if security is not given the attention it requires.

Security remains a key challenge that both organizations and security practitioners face with containerized and serverless deployments. While container-orchestrated deployments may be vulnerable to the security threats that plague any typical application deployment, they also face specific security threats related to the containerization daemon, shared kernel, shared resources, secret management, insecure configurations, role management issues and many more! Serverless deployments, on the other hand, face risks such as insecure serverless deployment configurations, inadequate function monitoring and logging, broken authentication, function event data injection and insecure application secrets storage.
Attacking infrastructure or applications that leverage containers and serverless technology requires a specific skill set and a deep understanding of the underlying architecture.

Training Objectives

This training has been created with the objective of understanding both offensive and defensive security for container-orchestrated and serverless deployments. It is a 2-day program that covers specific theory elements alongside extensive hands-on exercises modeled on real-world threat scenarios. Attendees will take part in these exercises and will learn ways in which containerized and serverless deployments can be attacked and made secure, yet scalable, efficient and effective.

The training covers, but is not limited to, the following focus areas in Container Security, Orchestration and Serverless Deployment:

  • Introduction to Container Technology
  • Containerized Deployments and Container Orchestration Technologies
  • Container Threat-Model
    ○ Spoofing
    ○ Tampering
    ○ Repudiation
    ○ Information disclosure
    ○ Denial of Service
    ○ Elevation of Privilege
  • Attacking Containers and Security deep-dive
  • Introduction to Kubernetes
  • Threat-Model of Orchestration technologies
  • Attacking Kubernetes
  • Kubernetes Defense-in-Depth
  • Logging & Monitoring Orchestrated deployments
  • Introduction to Serverless
  • Deploying Application to AWS Lambda
  • Serverless Threat-Model
  • Attacking a Serverless Stack
  • Serverless Security Deep-dive

Who should attend

This course is aimed at developers, DevOps engineers, penetration testers and security practitioners who plan to use container or serverless technology as part of their product deployments and want a good understanding of how to secure their services and deployments.

Prerequisites

  1. Students should have a basic understanding of the Linux environment and know their way around the terminal.
  2. A basic understanding of the OWASP Top 10 vulnerabilities will be helpful.

Software and Hardware Requirements

  1. Laptops – Intel i5 and above preferred, 64-bit operating system (32-bit will NOT work), 8GB+ RAM preferred and a minimum of 80GB HDD space available. (Netbooks WON’T work)
  2. Working Wi-Fi adapter with the ability to connect to third-party wireless networks
  3. Administrator access to install software
  4. Latest installation of Oracle VM VirtualBox

What students will be provided with

  1. Training Slides
  2. Training Virtual Machine – replete with tools, examples and hands-on exercises for students to use during the course. Participants can also use the VM to practice the lessons after the completion of the training.
  3. Detailed documentation of all the demos and exercises covered

Course outline

DAY 1
Evolution to Container Technology
Introduction to Containers
Container Technology – Deep dive
Container Threat Model
Attacking Containers
Container Security Deep-dive
Container Vulnerability Assessment
Introduction to Kubernetes
Threat-Model of Orchestration technologies
DAY 2
Attacking Kubernetes
Kubernetes Defense-in-Depth
Logging & Monitoring Orchestrated deployments
Kubernetes Vulnerability Assessment
Introduction to Serverless
Deploying Application to AWS Lambda
Serverless Threat-Model
Attacking a Serverless Stack
Serverless Security Deep-dive

Register now

SINGAPORE | 26-27 FEB 2019

$3,200 SGD – Early Bird price offer ends on 31 Dec 2019 (Regular price $3,500 SGD)


Payment methods

Pay by card (Eventbrite)

Please complete your registration on Eventbrite by selecting the ticket ‘Container Security, Orchestration and Serverless training + Regular 2-Day Pass’


Pay by bank transfer (invoice)


About the trainers

Nithin Jois
Solutions engineer, we45

Nithin Jois is a Solutions engineer at we45, a focused Application Security company. He has helped build ‘Orchestron’, a leading Application Vulnerability Correlation and Orchestration Framework. He is experienced in orchestrating containerized deployments securely to production. Nithin and his team have extensively used Docker APIs as a cornerstone of most we45-developed security platforms, and he has also helped clients of we45 deploy their applications securely.

Nithin is a passionate Open Source enthusiast and is the co-lead-developer of ThreatPlaybook – An Open Source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single Fabric. He has also written multiple libraries that complement ThreatPlaybook.

Nithin is an automation junkie who has built Scalable Scanner Integrations that leverage containers to the hilt and is passionate about Security, Containers and Serverless technology. He speaks at meetup groups, webinars and training sessions. He participates in multiple CTF events and has worked on creating Intentionally Vulnerable Applications for CTF competitions and Secure Code Training.
