Monthly Meeting - Attacking & Defending Kubernetes - A Real-world view
Dial in invite:
OWASP-SD: Attacking & Defending Kubernetes - A Real-world view
Thu, May 21, 2020 6:00 PM - 8:00 PM (PDT)
Please join my meeting from your computer, tablet or smartphone.
You can also dial in using your phone.
United States: +1 (224) 501-3412
Access Code: 121-698-877
Monthly OWASP meeting - Attacking & Defending Kubernetes - A Real-world view.
Kubernetes has emerged as the leading container orchestration and management platform of choice for on-prem and cloud environments. However, Kubernetes is a multi-headed beast with many minute and nuanced security configuration parameters. Attackers take advantage of insecurely configured and designed Kubernetes deployments to perform deep incursions into an organization's assets.
This talk will commence with a demonstration of a complex attack on an application deployed on a misconfigured Kubernetes cluster. The objective is to appreciate the attack vectors of an application deployed with a service account that holds admin-level privileges, and how an attacker pivots from it to gain complete access to the entire cluster. Using the stolen credentials, the attacker can read secrets and deploy malicious pods on the cluster.
The detailed observation of the attack will focus on understanding the flaws across the application, container and cluster layers. We will also look at some container best practices and some container-specific vulnerability assessment tools that can be used before deploying containers on a Kubernetes cluster.
We will then discuss some of the mechanisms we can use to defend ourselves from such attacks. Here we delve into specific topics such as admission controllers and the use of AppArmor profiles as run-time security measures for securing pods. We will also look into auditing Kubernetes cluster security controls to find pods running with insecure configurations.
The talk will conclude with a demonstration of a security-specific CI/CD pipeline that leverages multiple tools. We will first run Source Composition Analysis (SCA) and Static Application Security Testing (SAST) scans before building a Docker image. Once the image has been built, we will scan the image for vulnerabilities and the deployment specification file for potential misconfigurations. The last stage of the pipeline will deploy the built image as a pod on the Kubernetes cluster. Finally, we will look at a tool to scan a deployed cluster for misconfigurations.
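The audit of pods running with insecure configurations and the pipeline stage that scans the deployment specification before deploying it are the same check applied at two points. The following is an added example written for this page, not code from the talk, from we45 or from any tool it demonstrates. It takes pod objects in the JSON shape that `kubectl get pods -o json` returns (constructed inline here as Python dicts) and flags the settings the abstract names: host namespaces, privileged or root containers, an automounted service-account token, risky added capabilities, and a missing AppArmor profile. The AppArmor check assumes the annotation form Kubernetes used at the time of the talk; the pod names, image names and thresholds are constructed for illustration.

```python
"""Audit Kubernetes pod manifests for insecure runtime settings.

Added example for this page, not code from the talk or from we45.
Input is the JSON shape `kubectl get pods -o json` produces; the sample
manifests below are constructed inline. The AppArmor check assumes the
annotation-based form Kubernetes used in 2020.
"""
from typing import Dict, List

APPARMOR_PREFIX = "container.apparmor.security.beta.kubernetes.io/"
RISKY_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE"}


def audit_pod(pod: Dict) -> List[str]:
    """Return human-readable findings for one pod; an empty list means clean."""
    findings: List[str] = []
    meta = pod.get("metadata") or {}
    spec = pod.get("spec") or {}
    name = meta.get("name", "<unnamed>")
    annotations = meta.get("annotations") or {}
    pod_sc = spec.get("securityContext") or {}

    # Host namespaces expose host processes, interfaces or IPC to the container.
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(key):
            findings.append(f"{name}: {key} is enabled (shares the host namespace)")

    # The service-account token is mounted unless explicitly disabled; a pod
    # that never talks to the API server should not carry that credential.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append(f"{name}: service account token is automounted")

    containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    for c in containers:
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        prefix = f"{name}/{cname}"

        if sc.get("privileged"):
            findings.append(f"{prefix}: privileged container")

        # Container-level securityContext fields override pod-level ones.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0:
            findings.append(f"{prefix}: explicitly runs as UID 0")
        elif run_as_non_root is not True:
            findings.append(f"{prefix}: runAsNonRoot not enforced (may run as root)")

        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{prefix}: allowPrivilegeEscalation not disabled")

        added = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(added & RISKY_CAPS):
            findings.append(f"{prefix}: adds capability {cap}")

        if APPARMOR_PREFIX + cname not in annotations:
            findings.append(f"{prefix}: no AppArmor profile annotation")

    return findings


def audit_pods(pods: List[Dict]) -> Dict[str, List[str]]:
    """Audit a list of pod objects, e.g. the `items` of a kubectl JSON list."""
    return {p["metadata"]["name"]: audit_pod(p) for p in pods}


# Constructed sample manifests (not from the talk).
INSECURE_POD = {
    "metadata": {"name": "insecure-web"},
    "spec": {
        "hostPID": True,
        "containers": [
            {"name": "web", "image": "example/web:1.0",
             "securityContext": {"privileged": True}},
        ],
    },
}

HARDENED_POD = {
    "metadata": {
        "name": "hardened-web",
        "annotations": {APPARMOR_PREFIX + "web": "runtime/default"},
    },
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [
            {"name": "web", "image": "example/web:1.0",
             "securityContext": {"allowPrivilegeEscalation": False,
                                 "capabilities": {"drop": ["ALL"]}}},
        ],
    },
}

if __name__ == "__main__":
    for pod_name, issues in audit_pods([INSECURE_POD, HARDENED_POD]).items():
        print(f"{pod_name}: {'clean' if not issues else ''}")
        for issue in issues:
            print("  -", issue)
```

Run as a pipeline gate, a non-empty result for the manifest about to be deployed fails the build; run over the `items` of a cluster-wide `kubectl get pods -A -o json`, it gives the audit of already-deployed pods. The check deliberately reports on the pod spec alone and says nothing about what the mounted service account is allowed to do; that requires reading the RBAC bindings, which is a separate step.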
The talk aims to provide a view of attacking, auditing and defending kubernetes clusters.
Speaker Profile: Nithin Jois is a Solutions Engineer at we45, a focused Application Security company. He has helped build 'Orchestron', a leading Application Vulnerability Correlation and Orchestration Framework. He is experienced in orchestrating containerized deployments securely to production. Nithin and his team have extensively used Docker APIs as a cornerstone of most of the security platforms we45 has developed, and he has also helped clients of we45 deploy their applications securely. Nithin is a passionate open source enthusiast and is the co-lead developer of ThreatPlaybook, an open source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single fabric. He has also written multiple libraries that complement ThreatPlaybook.