Docker & Kubernetes Security

Docker & Kubernetes Security

Learn how to securely orchestrate and operate containers.

About

Created for teams that rely on Docker and Kubernetes for their daily work, this training is an extensive guide to security aspects of both tools. We teach, how to attack Kubernetes-based environments, which attack vectors are available, which are the most crucial, what are the best practices regarding containerized environments, and how to defend against malicious actors. This training is meant to teach you how to secure containers, pods, and clusters against the threats you will surely encounter.

Good understanding of Linux and Networking topics are highly recommended, if not required. The training consists of five days of extremely hard work, as the knowledge presented is professionally considered highly difficult and elite.

On-site, ask to schedule

Ask for this training

Type of training

  • Exclusively on-site
  • 5 intensive days
  • Theory and laboratories

Who should attend

  • Operation teams (DevOps/DevSecOps)
  • Senior-rank Developers
  • Technology Leaders

Required knowledge

  • Docker & Kubernetes - min. Good
  • Linux - Good to Great
  • Networking - Good to Great

Agenda

A sample set of laboratories

  • Infrastructure exfiltration by runC privilege escalation
  • Kubernetes exfiltration and session-persistence with Helm Charts and Tiller
  • Image-security scanning with Trivy and vulns
  • Host take-over with exposed DockerAPI
  • Denial of the service attack with crushing Docker-based application
  • Container image-poisoning
  • Information and secrets gathering from Docker image
  • Generating seccomp-profiles with a set of tools
  • Protecting Docker-container using PodSecurityPolicies
  • Auditing Kubernetes infrastructure with fast Host Intrusion Detection System implementation and Kubernetes API auditlog
  • Man in the middle for Docker-registry
  • Host-pivoting through Kubernetes infrastructure
  • Cloud account exfiltration by Cloud Metadata Server
  • Enforcing compliance by AdmissionControllers and WebHooks
  • Automated application checks

Articles

Training Concept

"Docker and Kubernetes have been widely adopted, as the most popular foundation of infrastructure. However, even though they both solve a lot of problems, for each issue solved, another takes its place. Containers and pods might be better equipped to handle the current needs and desires of your business, but if they are insecure, are the risks of devastating financial, reputation, and code-wise losses acceptable? If you cannot keep your environments safe, you are doomed, no matter if you're running Kubernetes or any other kind of orchestrator, that is for sure."

- Kamil Zabielski

Trainer, CEO, Sysdogs

Questions

Recommendations

"Professionalism, partnership and high-quality. We can surely say, Sysdogs is one of the most experienced companies in Poland, when speaking about security, contenerization and Kubernetes. They are deeply integrated in development process, understand the business needs and really automate all the things. Anything in DevOps and DevSecOps areas - only sysdogs!"

- Maciej Gastol

Chief Executive Officer, Going. Sp. z o.o.

"sysdogs is not just an another software company which claims to do DevOps. They are a team of enthusiasts with many years of experience in the field of System Administration, Infrastructure, Network and Security that loves what they do. They are real professionals, act as a real partner who is ready to advise and is not afraid of pointing your mistakes. If you have any needs in DevOps area - they should be your first choice!"

- Karol Wiszowaty

Chief Operating Officer, Inspeerity

"At every moment of our cooperation, our wishes and expectations were met and exceeded by the Sysdogs team. Thanks to their knowledge in the creation of our new cloud infrastructure, we have created a foundation for scalable and secure network applications. A pro-customer approach at every stage of implementation makes cooperation with Sysdogs a real pleasure."

- Tymoteusz Wisniowski

Manager, ROLV Group Sp. z o.o.

"Sysdogs has reduced the delivery time of the applications and has delivered high-quality infrastructures. The team creates solutions that are tailored for the business needs and requirements. Overall, their vast experience in DevOps ensures a successful ongoing partnership."

- Maciej Kurek

Chief Technology Officer, Library X

"Thanks to Sysdogs engagement, the production environment can expect to process four petabytes of data growing by 200-500 GB a day with consistency and productivity. The team has established multiple communication tools to provide progress updates. Their optimal solutions are impressive."

- Maciej Lach

Chief Technology Officer, big xyt

How to order?

Contact us, we would love to talk about the training on a scheduled meeting.

We want to ensure you, that every incoming inquiry is important to us, treated with the highest level of care, and also guarantee, that you will receive a response within 48 hours or less.

Send an inquiry!
Each inquiry is treated individually.
Response within 48 hours guaranteed!

Contact