Ben is a veteran cybersecurity and DevOps professional, as well as computer science lecturer. Today, he is the co-founder at ARMO, with a vision of making end-to-end Kubernetes security simple for everyone, and a core maintainer of the open source Kubescape project. He teaches advanced information security academically in both undergrad and graduate courses. In his previous capacities, he has been a security researcher and architect, pen-tester and lead developer at Cisco, NDS and Siemens.
"CVE shock" is the state of total helplessness felt by a dev or security engineer facing the overwhelming list of CVEs returned by the vulnerability scanner. Sound familiar?
We'd like to bring you a therapeutic and cathartic rant session for those who have felt "CVE shock" firsthand, with a goal to turn that frown upside down, and demonstrate through real code examples, that there is hope!
In this talk we'll share the findings from a security research project on the state of application behavior in containers. This research was conducted on existing cloud native projects and with some script magic, and will shed light on the most popular packages actually used in your containers. With this information in hand, we were able to automatically identify the relevant CVE for the most popular applications and packages, and discard those that are irrelevant. This utility can also be used to produce VEX documents that align with industry processes and standards.
We are going to present the research, the automation and code samples, and how you can leverage these to reduce the noise, and only focus on the CVEs relevant to your application.
Like all frameworks and platforms that gain popularity, Kubernetes has now reached a critical mass of production users, and once this happens would-be attackers start coming out of the woodwork.
But fear not! In this session will take a deep dive on what it takes to get baseline Kubernetes security - without having to be a security expert. We'll explore the most common security pitfalls with vanilla Kubernetes installations. Next we'll review the many layers of Kubernetes to optimize for security including: bootstrapping, API server configurations, Kubelet configurations, and etcd best practices. We'll wrap up with practical tips and takeaways for you to get started with securing your Kubernetes environments that anyone can apply.