YoVDO

Malicious Compliance: Reflections on Trusting Container Scanners

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Container Security Courses, DevSecOps Courses, Compliance Courses, Vulnerability Assessment Courses, Policy-as-Code Courses, Cloud-Native Security Courses

Course Description

Overview

Explore the limitations and potential vulnerabilities of container scanning tools in this eye-opening conference talk. Delve into the intricacies of container image analysis and admission control detection as four security experts demonstrate creative methods to intentionally bypass these security measures. Gain valuable insights into the inner workings of container scanners, understanding what they look for and why certain changes in image building techniques can produce vastly different results. Learn how the flexibility in container image construction and distribution can be exploited to manipulate or prevent scanning tools from fully comprehending a container's contents. Discover the potential risks of relying solely on policy-as-code approaches based on scanner results for security and compliance. Walk away with a deeper understanding of the challenges in validating container images and acquire knowledge to create more robust security policies for your own environments.

Syllabus

Malicious Compliance: Reflections on Trusting Container... - Coldwater, Cooley, Geesaman, McCune


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

DevOps CI/CD Pipeline: Automation from development to deployment (Universidad Anáhuac via edX)
DevOps Pipeline: Automatización hasta el despliegue (Universidad Anáhuac via edX)
Exploring the Benefits of Continuous Security and Compliance for Cloud Infrastructure (Pluralsight)
Integrating Incident Response into DevSecOps (Pluralsight)
DevSecOps: Building a Secure Continuous Delivery Pipeline (LinkedIn Learning)