Container (1)

Training Overview

With organizations rapidly moving towards micro-service style architecture for their applications, container technology seems to be taking over at a rapid rate.  Leading container technologies like Docker have risen in popularity and have been widely used because they have helped package and deploy consistent-state applications. Orchestration technologies like Kubernetes help scale such deployments to a massive scale which can potentially increase the overall attack-surface to a massive extent if security is not given the attention required.

 

Course Objectives

 

This training has been created with the objective of understanding both offensive and defensive security for container orchestrated deployments. It will detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios that the attendees will understand and take part in and, will also understand ways in which containerized deployments can be attacked, made secure, yet scalable, efficient and effective.

Highly recommend this training to anyone interested in container security

- Eugene Ang Beng Choon, SWIFT

I would like to say this training is really good. It helped me learn about the threats specific to containers, dominant attack patterns and corresponding hardening guidelines. One of the best things about the training is the step-by-step methodology followed by the trainers who I felt were clearly very experienced.

we45 - An AppSec Training Leader

Our container and orchestration security training is a regular feature at marquee application security conferences across the world. Below is a snapshot of past and future trainings undertaken by we45.
DevSecCon, Singapore 2019
we45 security training at BruCON
we45 training at AppSecCali 2019
we45 training at Code Blue

Frequently Asked Questions

Can beginners who are new to container technology take this training?

All concepts introduced in the training are explained from the very basics and then transition into advanced security specific topics. This training program is therefore beneficial for both beginners and security engineers who're already comfortable with container technology.

Do I need to know programming in order to attend the class?

While knowing a programming language is useful, prior knowledge of how to code is not necessary. Functionality of the any kind of code introduced in the training will be explained during the class.

In a nutshell, what can I expect to learn from this training?

Attendees can expect to gain a detailed understanding of how containers work, what threat models are specific to their use, how to attack/defend container deployments, how container orchestrators work and how one can attack/defend container orchestrated deployments.

Contact Us For a Detailed Course Agenda

Additional Resources

Docker Security Guideline

Docker Security Threats and Hardening Guidelines

Technologies with rapidly growing adoption rates invite high volumes of malicious intent. Learn about pertinent Docker Security Threats and its hardening methods.

Kubernetes Security Webinar

Webinar: Securing Kubernetes Deployments

Recently adopted Kubernetes? Have you made security an active consideration in its use? Get started by watching we45's free webinar on Kubernetes security.

Blog - Security Essentials for a developer we45

Security Essentials for a Developer - Kubernetes

The spurt in adoption of container technology is promptly being followed by increasing Kubernetes use. Find a starter's guide to securing Kubernetes deployments.