Loading…
Attending this event?
Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Book Now 
*discount rates expire August 19, 2019
Monday, September 9 • 9:00am - Tuesday, September 10 • 5:00pm
Attacking and Defending Containerized Apps and Serverless Tech

Sign up or log in to save this to your schedule and see who's attending!

Container and serverless technology have changed the way applications are developed and the way deployments are done. Organizations, both large and small have openly embraced containerization to supplement traditional deployment paradigms like Virtual Machines and Hypervisors.
Containers have risen in popularity and have been widely used because they help package and deploy consistent-state applications across multiple environments, and are also extremely scalable especially when they are complemented with orchestration technologies.
Serverless, on the other hand, seems to be taking over at a rapid rate with increased usage of micro-services and polyglot development of applications and services across organizations.
However, security remains a key challenge that both Organizations and security practitioners face with containerized and serverless deployments. While containers continue to be vulnerable to security threats that plague any typical application deployment, they also face specific security threats related to the containerization daemon, the shared kernel and other shared resources like network, process and the filesystem. Serverless deployments face risks such as insecure deployment configurations, inadequate monitoring, and logging of functions, broken authentication, function event data injection, insecure secret storage, and many more.
Attacking services and applications leveraging container and serverless technology requires a specific skill set and a deep understanding of their underlying architecture.
This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. It will be a 2-day program that will detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios that the attendees will understand and take part in and will also understand the ways in which containerized and serverless deployments can be attacked, made secure, yet scalable, efficient and effective.

The training consists of, but not limited to the following focus areas in Container Security and Serverless Deployment:
  •  Introduction to Container Technology
  • Containerized Deployments and Container Orchestration Technologies
  • Container Threat-Model
  • Attacking Containers and Security deep-dive
  • Introduction to Kubernetes
  • Threat-Model of Orchestration technologies
  • Attacking Kubernetes
  • Kubernetes Defense-in-Depth
  • Logging & Monitoring Orchestrated deployments
  • Introduction to Serverless
  • Deploying Application to AWS Lambda
  • Serverless Threat-Model
  •  Attacking a Serverless Stack
  •  Serverless Security Deep-dive

Speakers
avatar for Nithin Jois

Nithin Jois

Solutions Engineer who specializes in DevSecOps, We45
Nithin Jois is a Solutions Engineer at we45 - a focused Application Security company. He has helped build Orchestron - A leading Application Vulnerability Correlation and Orchestration Framework. He is experienced in Orchestrating containerized deployments securely to Production... Read More →
avatar for Sudarshan Narayanan

Sudarshan Narayanan

Practice Head - DevSecOps, we45
Sudarshan Narayanan is the Practice Head of DevSecOps at we45, a focused application securitycompany. Sudarshan currently leads the service delivery practice at we45 and comes with a decade longexperience in Software Quality Assurance.Sudarshan's primary focus involves conceptualizing... Read More →
avatar for Tilak Thimmappa

Tilak Thimmappa

Senior Solution Engineer, we45
I work at an Application Security company (we45) and have a unique perspective of developing secure and deliberately insecure apps in Python and NodeJS. I have contributed to the development of several Web-Applications using Django, Djano-Rest-Framework, NodeJs and more, that have... Read More →


Monday September 9, 2019 9:00am - Tuesday September 10, 2019 5:00pm
Feedback form isn't open yet.

Attendees (4)