In the previous workshop episodes, you learned the basics of Docker & Kubernetes. This workshop aims to kick a notch higher by introducing you to the security aspects of the container world. In this presentation, you will see live hacking demos, patterns & workflows, along with some insights & hands-on exercises on container security. This workshop aims to point you in the right direction regarding container security! Post knowledge transfer on container security basics, we will co-relate the container security aspects with Kubernetes and other elements of Kubernetes Security. Lastly, we will touch base on some open source tools that will help us harden the Kubernetes environment. Timestamps 00:00 Intro music 1:34 workshop starts 5:33 Hacks happened in the past 7:29 Demo of an Attack 29:25 What is a container? (killercoda demo) 37:05 root inside a container 45:38 privileged container 52:07 Linux capabilities 1:05:12 Kubernetes Goat 1:12:02 Getting a reverse shell 1:23:00 hostPID & hostNetwork 1:25:40 trivy scan on ubuntu & nginx image 1:28:07 Scanning argocd images 1:33:10 distroless images 1:35:28 Analyze your container image with dive 1:41:25 Memory Limits for containers & fork bomb 1:45:10 Kubernetes goat challange (private registry) 1:50:00 Runtime security (falco) 1:55:12 Kubernetes Security 2:04:35 kubectl-fields plugin 2:06:55 Network Policies 2:14:30 kyverno (admission controller) 2:19:30 kubescape for static scanning 2:26:10 closing message Speaker - Rewanth Tammana (@rewanthtammana) ►►►Resources ►►► ► Prerequisite - https://www.youtube.com/watch?v=PN3VqbZqmD8 ► GitHub Repo - https://github.com/rewanthtammana/container-and-kubernetes-security-workshop ► Killercoda Playground - https://killercoda.com/playgrounds/scenario/ubuntu ►►►Connect with Kubesimplify ►►► ► Twitter - https://twitter.com/kubesimplify ► Discord - https://kubesimplify.com/discord ► Website - https://kubesimplify.com/ ► GitHub - https://github.com/kubesimplify