Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Book Now 
*discount rates expire August 19, 2019
Back To Schedule
Monday, September 9 • 9:00am - Tuesday, September 10 • 5:00pm
Attacking and Defending Containerized Apps and Serverless Tech

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Container and serverless technology have changed the way applications are developed and the way deployments are done. Organizations, both large and small have openly embraced containerization to supplement traditional deployment paradigms like Virtual Machines and Hypervisors.
Containers have risen in popularity and have been widely used because they help package and deploy consistent-state applications across multiple environments, and are also extremely scalable especially when they are complemented with orchestration technologies.
Serverless, on the other hand, seems to be taking over at a rapid rate with increased usage of micro-services and polyglot development of applications and services across organizations.
However, security remains a key challenge that both Organizations and security practitioners face with containerized and serverless deployments. While containers continue to be vulnerable to security threats that plague any typical application deployment, they also face specific security threats related to the containerization daemon, the shared kernel and other shared resources like network, process and the filesystem. Serverless deployments face risks such as insecure deployment configurations, inadequate monitoring, and logging of functions, broken authentication, function event data injection, insecure secret storage, and many more.
Attacking services and applications leveraging container and serverless technology requires a specific skill set and a deep understanding of their underlying architecture.
This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. It will be a 2-day program that will detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios that the attendees will understand and take part in and will also understand the ways in which containerized and serverless deployments can be attacked, made secure, yet scalable, efficient and effective.

The training consists of, but not limited to the following focus areas in Container Security and Serverless Deployment:
  •  Introduction to Container Technology
  • Containerized Deployments and Container Orchestration Technologies
  • Container Threat-Model
  • Attacking Containers and Security deep-dive
  • Introduction to Kubernetes
  • Threat-Model of Orchestration technologies
  • Attacking Kubernetes
  • Kubernetes Defense-in-Depth
  • Logging & Monitoring Orchestrated deployments
  • Introduction to Serverless
  • Deploying Application to AWS Lambda
  • Serverless Threat-Model
  •  Attacking a Serverless Stack
  •  Serverless Security Deep-dive

avatar for Sudarshan Narayanan

Sudarshan Narayanan

Practice Head - DevSecOps, we45
Sudarshan Narayanan is the Practice Head of DevSecOps at we45, a focused application securitycompany. Sudarshan currently leads the service delivery practice at we45 and comes with a decade longexperience in Software Quality Assurance.Sudarshan's primary focus involves conceptualizing... Read More →
avatar for Nithin Jois

Nithin Jois

Senior Security Solutions Engineer, we45
Nithin Jois dons two hats - Apart from being one of the lead trainers at AppSecEngineer, he is also a Senior Solutions Architect at We45 where he has helped build multiple solutions ranging from Vulnerability management to scalable scanner orchestrating systems that leveraged container... Read More →
avatar for Tilak Thimmappa

Tilak Thimmappa

Senior Solution Engineer, we45
I work at an Application Security company (we45) and have a unique perspective of developing secure and deliberately insecure apps in Python and NodeJS. I have contributed to the development of several Web-Applications using Django, Django-Rest-Framework, NodeJs and more, that have... Read More →

Monday September 9, 2019 9:00am - Tuesday September 10, 2019 5:00pm EDT
Lincoln 2