
Secure Implementation of Docker and Kubernetes v3.0

Course Description

The cloud as we know it is changing. Containers have taken center stage as the preferred method of developing and deploying software into production. As security practitioners, we must adapt to the latest technologies or be left in the dust. This course will focus on building a modern cloud infrastructure capable of taking containers from a developer’s laptop to production in a secure manner.

Learning Objectives

  • Grasp the core concepts surrounding the Docker and Kubernetes ecosystems and implement security controls in each of these technologies
  • Understand the need for containers and container orchestration tools
  • Implement security hardening techniques in Docker and Kubernetes
  • Build security checkpoints within the SDLC and DevOps pipelines
  • Understand the importance of containers when moving toward DevOps

Details

Delivery Format: eLearning

Duration: 1 hour

Level: Intermediate

Intended Audience

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • QA Engineers

Prerequisites: Principles of Software Security

Course Outline

Deployment and Container Orchestration

  • The State of Software Deployment
  • Continuous Integration and Deployment
  • Incorporating Security into DevOps
  • Modern Infrastructure and Container Orchestration
  • Container-Related Threats

Container Security

  • Introduction to Container Technology
  • Anatomy of a Container
  • Docker Security Considerations
  • Container Isolation
  • Securing Container Images
  • Dockerfile Best Practices
  • Docker Image Vulnerabilities in the Wild
  • Docker Build Process Compromised with Backdoor

Container Deployment Techniques

  • Image Deployment Security Considerations
  • Immutable Infrastructure
  • Running Containers Securely
  • Host Security
  • Container Orchestration
  • Patch Slow, Get Owned Fast

Introduction to Kubernetes

  • Overview and History of Kubernetes
  • Kubernetes Components

Working with Kubernetes Clusters and Networking

  • Interacting with Kubernetes Clusters
  • Kubernetes Networking
  • Kubernetes Consoles Exposed to the Internet
  • A Cryptocurrency Miner Found on Internal Kubernetes Cluster

Kubernetes Security Considerations

  • Authentication
  • Authorization
  • Kubelet Security
  • Managing Secrets

More Kubernetes Security Considerations

  • Running Containers Securely
  • Security Context and Policies
  • Pod Security Standards
  • Network Security
  • Auditing and Logging
  • Kubelet Access Anyone?

Managed Kubernetes in the Cloud

  • Managed Kubernetes
  • Google Kubernetes Engine
  • Amazon Elastic Kubernetes Service
  • Azure Kubernetes Service

DevSecOps Pipelines

  • DevSecOps Pipeline Security
  • Securing Third-Party Dependencies
  • Container Security Tools and Resources
  • Bug Tracking
  • Yes, Even More Illicit Cryptocurrency Mining
