YoVDO

Using Policy as Code to Manage Security Risk in Kubernetes

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Kubernetes Courses Cloud Security Courses Infrastructure as Code Courses Policy-as-Code Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the concept of using policy as code to manage security risks in Kubernetes in this 25-minute conference talk from the Cloud Native Computing Foundation (CNCF). Delve into traditional security challenges and discover how Infrastructure as Code (IaC) and Policy as Code (PaC) can enhance cloud security. Learn about Terrascan, its goals, and how to integrate it into your workflow. Examine real-world examples of vulnerabilities, including CVE-2020-8554 and CVE-2020-8555, and understand their implications. Gain insights into various security risk categories and how Terrascan addresses them, empowering you to better protect your Kubernetes environments.

Syllabus

Intro
Traditional Security Challenges
Unlocking Cloud Security with lac & Pac
Terrascan - Goals
Integrate Terrascan into your workflow
CVE-2020-8554: LoadBalancer PATCH request example
CVE-2020-8555- Half Blind SSRF
CVE-2020-8555 - Vulnerable YAML example
Terrascan - Security Risk Categories


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Applying Infrastructure as Code and Serverless Technologies to AWS Deployments
A Cloud Guru AWS Developer Tools Deep Dive
A Cloud Guru Deploying Resources to GCP with Terraform
A Cloud Guru HashiCorp Certified Terraform Associate
A Cloud Guru Implementing Application Infrastructure in Azure
A Cloud Guru