Securing Kubernetes: OWASP Best Practices, CI/CD Integration, and Tools


This engaging session delves deep into the world of securing Kubernetes (K8s) clusters through the lens of Open Web Application Security Project (OWASP) best practices. In this comprehensive talk, we will guide you through a structured agenda that covers essential aspects of Kubernetes security, providing practical insights and actionable strategies.

The session kicks off with an introduction to Kubernetes security challenges, setting the stage for understanding why securing K8s clusters is paramount in today’s dynamic threat landscape. We will then navigate through OWASP’s best practices tailored for Kubernetes environments, shedding light on key guidelines to fortify your containerized applications.

Moving into the practical realm, the agenda unfolds to reveal a well-defined workflow for Kubernetes security. Attendees will learn how to seamlessly integrate security practices into their development and deployment lifecycle, striking a balance between speed and security. The discussion will extend into CI/CD integration, showcasing the implementation of automated security testing within pipelines, ensuring continuous security validation.

An integral part of the session is the exploration of cutting-edge tools designed for securing Kubernetes. Live demonstrations will provide a hands-on understanding of tools for vulnerability scanning, runtime protection, and policy enforcement, helping attendees make informed decisions based on their specific needs.

Real-world case studies will illuminate success stories and lessons learned, offering valuable insights into overcoming challenges in Kubernetes security.

Whether you’re a developer, DevOps engineer, or security professional, this session is your gateway to enhancing the security posture of your Kubernetes deployments, guided by OWASP best practices.



Rabieh Fashwall


Senior Golang Engineer

With over 13 years of experience in the computer software industry, I am a seasoned Software Engineer adept at crafting Cloud Native applications and Web applications, primarily