Talk
Intermediate

Hacking & Securing Kubernetes

Rejected

Session Description

The talk will be built around the open source project kube-goat, a "Vulnerable by Design" cluster environment for learning and practising Kubernetes security in an interactive hands-on playground (https://github.com/madhuakula/kubernetes-goat).


I will be demoing a few attack vectors and then showing how other open source projects can protect your Kubernetes workloads, e.g.:

Find deprecated resources

Pluto - A CLI tool to help discover deprecated apiVersions in Kubernetes (https://github.com/FairwindsOps/pluto)

Find vulnerabilities & misconfigurations

Krane - Kubernetes RBAC static analysis & visualisation tool (https://github.com/appvia/krane)

Trivy - Find vulnerabilities, misconfigurations, secrets and SBOMs in containers, Kubernetes, code repositories, clouds and more (https://github.com/aquasecurity/trivy)


I will also be covering the basic theory of:

  1. OWASP Top 10 for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/),
  2. NSA & CISA Guidelines (https://research.nccgroup.com/2021/09/09/nsa-cisa-kubernetes-security-guidance-a-critical-review/),
  3. CIS Benchmark (https://www.cisecurity.org/benchmark/kubernetes).

Key Takeaways

None

References

Session Categories

FOSS

Speakers

Sumir Broota
Research Developer, IDfy

Reviews

Approvability: 0 %
Approvals: 0
Rejections: 1
Not Sure: 1
More suitable for KubeCon, I guess.
Reviewer #1
Rejected
Not too sure about this one
Reviewer #2
Not Sure