Select Search Category

Attacking and Defending
Containers, Kubernetes
and Serverless


This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. The 2-day program shall detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios that the attendees shall understand and take part in and, shall also understand ways in which containerized and serverless deployments can be attacked, made secure, yet scalable, efficient and effective.

Focus areas in Container Security and Serverless Deployment:
  • Introduction to Container Technology
  • Containerized Deployments and Container Orchestration Technologies
  • Container Threat-Model
  • Attacking Containers and Security deep-dive
  • Introduction to Kubernetes
  • Threat-Model of Orchestration technologies
  • Attacking Kubernetes
  • Kubernetes Defense-in-Depth
  • Logging & Monitoring Orchestrated deployments
  • Introduction to Serverless
  • Deploying Application to AWS Lambda
  • Serverless Threat-Model
  • Attacking a Serverless Stack
  • Serverless Security Deep-dive
Session FAQ
  • DevOps Professionals
  • AppSec Professionals
  • Cloud Professionals
  • Cloud Security Professionals
  • Professionals managing or handling Kubernetes and/or Container native
  • Pentesters
  • Attendees should have a basic understanding of Linux environment and know their way around the terminal.
  • A basic understanding of ‘OWASP TOP-10 Vulnerabilities’ and ‘Basics of Docker’ shall be helpful
  • Laptop or reasonably powerful tablet computing device
  • Ability to connect to Wifi networks and access the internet
  • Slides for the course
  • Lab environment for the duration of the class and upto 6 months after the class
  • OSS toolkit for implementing all the labs discussed in the class
  • Challenge Segments and Automation Challenges

Subject matter experts from we45