Topic / Sector
DAY 2 OUT OF 3 DAYS TRAINING COURSE
With Organizations rapidly moving towards micro-service style architecture for their applications, container and serverless technology seem to be taking over at a rapid rate. Leading container technologies like Docker have risen in popularity and have been widely used because they have helped package and deploy consistent-state applications. Serverless and Orchestration technologies like Kubernetes help scale such deployments to a massive scale which can potentially increase the overall attack-surface to a massive extent, if security is not given the attention required.
Security continues to remain a key challenge that both Organizations and Security practitioners face with containerized and, serverless deployments. While container orchestrated deployments may be vulnerable to security threats that plague any typical application deployments, they face specific security threats related to the containerization daemon, shared kernel, shared resources, secret management, insecure configurations, role management issues and many more! Serverless deployments on the other hand, face risks such as insecure serverless deployment configurations, Inadequate function monitoring and logging, Broken authentication, Function event data injection & Insecure application secrets storage.
Attacking an infrastructure or Applications leveraging containers and serverless technology requires specific skill-set and a deep understanding of the underlying architecture.