Kubernetes and Cloud Native Security Associate (KCSA) Cert Prep

Get a comprehensive overview of Kubernetes, cloud native security best practices, and mitigation strategies as you prepare for the KCSA exam.

Introduction

• Secure the cloud: Preparing for your KCSA certification
• What you should know

1. Overview of Cloud Native Security

• What is cloud native security?
• OWASP Kubernetes Top 10
• What is infrastructure security?
• The four Cs of cloud native security
• Cloud provider and infrastructure security
• Isolation techniques
• Artifact repo and image security
• Workload and app code security

2. Kubernetes Cluster Component Security

• API server and controller manager
• Scheduler
• Kubelet and container runtime
• kube-proxy
• Pods
• etcd
• Container networking and client security
• Storage and security wrap-up

3. Kubernetes Security Fundamentals

• Pod security standards
• Pod security admissions
• Authentication
• Authorization
• Secrets
• Isolation and segmentation
• Audit logging
• Network policies

4. Kubernetes Threat Model

• Kubernetes trust boundaries and data flow
• Denial of service
• Malicious code execution
• Compromised apps in containers
• Attackers on the network
• Access to sensitive data
• Privilege escalation

5. Platform Security

• Supply chain security
• Image repository security
• Observability
• Service mesh
• Kubernetes PKI
• Admission control

6. Compliance and Security Frameworks

• Compliance frameworks
• Hands-on: Utilizing CIS tools (CIS Report)
• Threat modeling frameworks
• Supply chain compliance
• Automation and tooling
• Hands-on: Kubescape and kube-bench

Conclusion

• Next steps