ATTACKING & AUDITING DOCKER CONTAINERS

Abstract

Developers and Operations teams (DevOps) have moved towards containers and modern technologies. Attackers are catching up with these technologies and finding security flaws in them. In this workshop, we will look at how we can test for security issues and vulnerabilities in Dockerised environments . Throughout the workshop we will learn how we can find security misconfigurations, insecure defaults and container escape techniques to gain access to host operating system (or) clusters. In the workshop, we will look at real world scenarios where attackers compromised containers to gain the access to applications, data and other assets.

By the end of workshop participants will be able to:

The participants will get the following:

Date
Location
Kochi, India

Refer to https://is-ra.org/c0c0n/2018/workshop/pre-conference-workshop/

Avatar
Madhu Akula
Never Ending Learner!

Madhu Akula is a security ninja, published author and cloud native researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (26, 24), BlackHat USA (2018, 2019), USENIX LISA 2018, Appsec EU 2018, All Day DevOps (2016, 2017, 2018), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2018, 2017), Nullcon 2019, SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200 companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible.

Next
Previous