Amsterdam Secure Software Development Meetup + Cloud Security Meetup Amsterdam Jan 2023 - Practical Guide to Kubernetes Security for Developers πŸš€

Abstract

Kubernetes become the defacto for deploying and managing applications from startups to enterprises. This means most developers start writing their application code, package them into containers and deploy them into clusters to serve the customers. But if you look at typical day-to-day development and operations from local development to production deployment, we perform a ton of things that can be potentially insecure patterns. As we use modern tools, and technologies we tend to forget to secure them while building and serving our customers. In this talk, we will see how we can secure Kubernetes workflows and how we can automate these security checks and validate them to identify potential security risks before deploying our applications and code into production.

Madhu Akula will be using Kubernetes Goat, an interactive Kubernetes security learning playground in this talk to demonstrate some security concerns and fix them live πŸš€

Date
Monday, 09 Jan 2023 00:00 UTC
Location
Amsterdam, Netherlands
Madhu Akula
Madhu Akula
Never Ending Learner!

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.