Kubernetes is quickly becoming the de-facto standard to operate containerized applications at scale. Kubernetes is a complex and fast-developing technology; therefore, it is important to grasp its security implications and understand how to make Kubernetes implementation and usage secure-by-design. The course will cover the following topics:

• Which are the security findings of the platform
• How to measure the security level and risks of the platform
• How to protect your container images from known vulnerabilities by third parties
• How to reinforce the container and network runtime policy level
• How to better manage private information

During the course we will talk in depth about the Kubernetes security findings, we will highlight all the potential risks and the related remedial actions by analyzing all the tools provided by k8s. The course will help you understand how to implement a secure, solid and agile Kubernetes environment for your production systems.

Course length: 1 day.
Available languages: English, Italian
The training will be delivered remotely

• Developers wanting to develop secure applications in a Kubernetes environment
• Sysadmins interested in Kubernetes security practices
• Architects interested in designing a secure Kubernetes-based solution

• Kubernetes basic knowledge
• Available upon request

• Cloud Native security concepts
• Introduction to Kubernetes
• Kubernetes basic concepts
o Pod
o Node
o Service
o Api server
o Kubelet
o CRI
o Etcd server
o Dashboard
o Metrics

• Risks analysis and attack surface definition
• Attack vectors analysis
• Introduction to the Kubernetes security policies
o Upgrade management
o Authentication and authorization
o Kubernetes and auth
o Network policies
o RBAC
o Istio and application communication security introduction
o Securing networking data path (cilium)

• CRI hardening basic concepts
• Vulnerability demonstration
o Obtaining a reverse shell
o Discovery from the compromised pod
o Lateral movements to other pods
o Escalation to the worker node