YoVDO

Using Policy as Code to Manage Security Risk in Kubernetes

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Kubernetes Courses Cloud Security Courses Infrastructure as Code Courses Policy-as-Code Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the concept of using policy as code to manage security risks in Kubernetes in this 25-minute conference talk from the Cloud Native Computing Foundation (CNCF). Delve into traditional security challenges and discover how Infrastructure as Code (IaC) and Policy as Code (PaC) can enhance cloud security. Learn about Terrascan, its goals, and how to integrate it into your workflow. Examine real-world examples of vulnerabilities, including CVE-2020-8554 and CVE-2020-8555, and understand their implications. Gain insights into various security risk categories and how Terrascan addresses them, empowering you to better protect your Kubernetes environments.

Syllabus

Intro
Traditional Security Challenges
Unlocking Cloud Security with lac & Pac
Terrascan - Goals
Integrate Terrascan into your workflow
CVE-2020-8554: LoadBalancer PATCH request example
CVE-2020-8555- Half Blind SSRF
CVE-2020-8555 - Vulnerable YAML example
Terrascan - Security Risk Categories


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Introduction to Cloud Infrastructure Technologies
Linux Foundation via edX Scalable Microservices with Kubernetes
Google via Udacity Google Cloud Fundamentals: Core Infrastructure
Google via Coursera Introduction to Kubernetes
Linux Foundation via edX Fundamentals of Containers, Kubernetes, and Red Hat OpenShift
Red Hat via edX