Cloud native runtime security and forensics workshop
In this 2-hour, use-case-driven training session we’ll cover the most important container security techniques, with a focus on runtime security and forensics.
Agenda:
Container security best practices (~10min)
A quick review of the security best practices for building your containers: privileges, resource limits, Dockerfile options, rebuild process, etc.
Kubernetes platform security features (~10min)
What’s available out of the box? Host security configuration, Kubernetes RBAC, Kubernetes Security Policy, Kubernetes Network Policy and other Admission Controllers, etc.
Runtime security and forensics (30min)
Why is runtime security important? How tools like seccomp, SELinux, AppArmor and Falco compare. Writing Falco rules. Responding to incidents in Kubernetes. Forensics on containers.
Deploying all the open source tools for a real example (60min)
Let’s put the tools to work! We will deploy a vulnerable application and set up the open source security stack with Falco, NATS and Kubeless FaaS to block attacks on the application. We will hack the application, but we will be blocked!