
DSC Hungary

Container Safekeeping and Vulnerability Scanning


Date

May 27, 2022

Time

10am CEST

Location

Virtual


Questions? Join the conversation on Discord channel #devsecon-discussions-🗣

About the event:

Containers offer many advantages, but also pose certain security challenges that can be difficult to overcome. Perhaps the most noticeable security challenge is the larger attack surface containers create, as opposed to traditional workloads, because of the large number of containers based on many different underlying images, each of which can have vulnerabilities.

Another key issue is the underlying kernel architecture shared by containers. Securing the host is not enough to ensure protection. You also need to maintain secure configurations to limit container permissions and ensure proper isolation between containers.

In the first half of the workshop, you will learn about eBPF (Extended Berkeley Packet Filter – kernel technology) and Cilium (eBPF-based Networking, Observability, and Security) and how they help with security observability.

Containers created from images inherit all of an image’s characteristics, including misconfigurations, malware, and security vulnerabilities. You need to analyse dependencies and packages defined in container images so that you can shift security left. This means you can act before threats are deployed to your production pipeline.

In the second half of the workshop, you will get a brief overview of the Cloud Native Security Whitepaper and learn about vulnerability scanning for Docker images using AWS ECR, Trivy, Grype and docker scan (Snyk).

Agenda:
10:00hrs to 10:15hrs – Welcome

10:15hrs to 11:00hrs – Container safekeeping – Tales
Presentation:

  1. What is a vulnerability?
  2. Understanding vulnerabilities
  3. How to prioritise the remediation?

Demo:

  1. Snyk Demo

11:00 to 11:50am – Container Security Vulnerability Scanning – Madhu
Presentation:

  1. Cloud Native Security White Paper highlights
  2. Vulnerability Scanning for Container Images using Docker Scan (Snyk), ECR, Trivy and Grype
  3. Amazon Elastic Container Registry (ECR) Image Scanner alerts
  4. Amazon Elastic Kubernetes Service (EKS) Best Practices for Security

Demo:

  1. Scanning Dockerfiles for vulnerabilities using Snyk
  2. Scanning Container images using Docker scan, ECR, Trivy and Grype

11:50 to 12:00pm – Q & A and Networking

Language: English
Event Fee: Free

Audience: Level 100 (Basic understanding of the fundamental scope of information technology). Basic understanding of containers and Linux OS.

What you will gain: You will gain introductory-level knowledge of security observability and vulnerability scanning for container images using open-source tools and Amazon ECR.

🗣️ Join the DevSecOps Community on our Discord channel to discuss this talk with other security-focused practitioners! 

Madhu Kumar Yeluri

Principal Cloud Architect at T-Systems International

About Madhu Kumar Yeluri

Madhu is a qualified Principal Cloud Architect and DevSecOps Consultant with over 21 years of IT experience working across multiple regions including Asia, the Middle East, the US, Europe and the UK. He is helping many customers transform their business using the cloud. He leads diverse teams to drive change and deliver business value at scale.

He is a certified Amazon Web Services (AWS) Solution Architect and Security Specialist, and product lead for container services (Docker, K8s, AWS ECS and EKS). He has worked with many Cloud Partners/Providers (AWS, Rackspace, Wipro, Google, Oracle, Azure, IBM and Vodafone) and successfully managed and implemented multiple cloud migration projects replacing business-critical core legacy systems across the Telecom, Financial, Banking, Insurance, Retail, and Government sectors.

Tales Casagrande

Sales Engineer at Datadog

About Tales Casagrande

Tales has worked in IT for 14 years, 8 of them in security. Today he works as a Sales Engineer and is one of Snyk’s Ambassadors. He graduated in Systems Analysis and Development and holds a postgraduate qualification in Project Management. He is currently studying for an MBA in Cyber Security – Forensics, Ethical Hacking & DevSecOps.