Securing Kubernetes: OWASP Best Practices, CI/CD Integration, and Tools


Room: “Gesang” / 2nd floor

Abstract: An engaging session that delves deep into the world of securing Kubernetes (K8s) clusters through the lens of Open Web Application Security Project (OWASP) best practices. In this comprehensive talk, we will guide you through a structured agenda that covers essential aspects of Kubernetes security, providing practical insights and actionable strategies.

The session kicks off with an introduction to Kubernetes security challenges, setting the stage for understanding why securing K8s clusters is paramount in today’s dynamic threat landscape. We will then navigate through OWASP’s best practices tailored for Kubernetes environments, shedding light on key guidelines to fortify your containerized applications.

Moving into the practical realm, the agenda unfolds to reveal a well-defined workflow for Kubernetes security. Attendees will learn how to seamlessly integrate security practices into their development and deployment lifecycle, striking a balance between speed and security. The discussion will extend into CI/CD integration, showcasing the implementation of automated security testing within pipelines, ensuring continuous security validation.

An integral part of the session is the exploration of cutting-edge tools designed for securing Kubernetes. Live demonstrations will provide a hands-on understanding of tools for vulnerability scanning, runtime protection, and policy enforcement, helping attendees make informed decisions based on their specific needs.

Real-world case studies will illuminate success stories and lessons learned, offering valuable insights into overcoming challenges in Kubernetes security.

Whether you’re a developer, DevOps engineer, or security professional, this session is your gateway to enhancing the security posture of your Kubernetes deployments, guided by OWASP best practices.

Prerequisites for this workshop: The participants should have the following skills:

  • Basic understanding of Kubernetes concepts and containerization principles.
  • Background in software development or DevOps practices.
  • General awareness or interest in cybersecurity principles.
  • Familiarity with CI concepts.
  • Hands-on experience with deploying applications in Kubernetes.

The following tools will be covered:

  • Kubectl: The Kubernetes command-line tool for cluster interaction.
  • Minikube or Kind: Local Kubernetes cluster for those without external cluster access
  • Docker and Docker hub account: Essential for building and managing container images.
  • Helm: Package manager for simplifying Kubernetes application deployment.
  • Container Scanning Tools (Trivy): Identify vulnerabilities in container images
  • CI/CD Tools (GitLab CI): For automating CI processes.
  • IDE: VS Code or any other preferred IDE
  • Gitlab account

Link to the repository:

Bring your laptop!

Number of participants: 15 participants max



Rabieh Fashwall


Senior Golang Engineer

With over 13 years of experience in the computer software industry, I am a seasoned Software Engineer adept at crafting Cloud Native applications and Web applications, primarily