A Wander Through the World of Container Security

Explore the intricacies of container security in this 52-minute conference talk presented by Anais Urlichs for the OWASP Foundation. Delve into the fundamentals of containerization, starting with the concept of turning processes into contained processes and understanding Docker as a command execution service. Gain insights into Kubernetes architecture and its role in container orchestration. Examine the layered structure of the container stack and learn about potential vulnerabilities, including container breakout CVEs. Investigate the Kubernetes control plane, networking complexities, and the role of cluster nodes as routers. Analyze specific security concerns such as CVE-2020-8554 and its impact on services. Discuss the future landscape of network attacks in containerized environments. Address user management challenges in Kubernetes and explore the intricacies of Role-Based Access Control (RBAC). Conclude with a comprehensive overview of container security best practices and emerging trends in the field.

Intro
About Rory
Turning a process into a contained process
Docker == Command Execution As A Service
So, What is Kubernetes?
Container Stack - A Layer Cake
Container Breakout CVES Kubernetes Control Plane
Kubernetes Networking Fun
Cluster nodes are routers
CVE-2020-8554 - Attack of the services
The Future for network attacks
Kubernetes - Where's my users?
RBAC - The restless verbs
Conclusion