Workshop: Container Security

In this 2.5-hour, use-case-driven training session we'll cover the most important container security techniques (best practices, platform features, image scanning, runtime security and forensics) with Docker, Kubernetes and third-party open source tools (Anchore, Falco and Sysdig Inspect).

Agenda:

  • Container security best practices: Learn the security best practices for building your containers: privileges, resource limits, Dockerfile options, rebuild process, etc.
  • Kubernetes platform security features: Host security configuration, Kubernetes RBAC, Kubernetes Security Policy, Kubernetes Network Policy and other Admission Controllers, etc.
  • Image scanning: How image static scanning works in Docker, available tools like Quay and Anchore, integrating this in your CI/CD pipeline.
  • Runtime security and forensics: Why is runtime security important? How tools like seccomp, SELinux, AppArmor and Falco compare. Writing Falco rules. Forensics on containers.
  • Deploying all the open source tools for a real example: Bringing together all the tools like docker-bench, kube-bench, Kubernetes features, Anchore, Falco, sysdig and Sysdig Inspect. Using FaaS to react to security threats in a containerized world.

Speaker

Jorge Salamero

 
Jorge enjoys monitoring all the things, from his Docker containers and Kubernetes clusters to writing sensor plugins for DIY IoT projects with Raspberry Pi and ESP8266. Currently he is part of the ...