Course Summary

Container Security Expert is the training program for professionals tasked with securing the container environment. The course allows you to get hands-on experience as you work with live containers in our lab, gaining significant insights that will arm you to secure a containerized platform in any environment.

You will gain skills like:

• Understanding container security principles and the unique challenges associated with containerized environments.
• Implementing best practices for securing Docker containers, including image hardening and vulnerability management.
• Configuring container orchestration platforms (e.g., Kubernetes, Docker Swarm) securely with role-based access control (RBAC) and network policies.
• Implementing container runtime security measures such as container isolation, least privilege access, and runtime monitoring.
• Integrating container security into the CI/CD pipeline, including automated security testing and scanning of container images.

Module 1: Introduction to Containers
• What is a container?
• Basics of a container and its challenges
• Container vs. Virtualization
• Container Advantages
• Container Disadvantages
• Container fundamentals
• Namespaces
• Cgroup
• Capabilities
• Docker architecture and its components
• Docker CLI
• Docker Engine (Daemon, API)
• Docker Runtime (containerd, shim, runc)
• Interacting with container ecosystem
• Docker images and image layers
• Build Container images using Dockerfile
• Docker image repository
• Running a container
• Managing / Orchestrating multiple containers
• Using CLI/API to manage multiple containers
• Docker Compose
• Docker Swarm
• Kubernetes
• Docker alternatives
• Podman
• CRI-O

Module 2: Container Reconnaissance
• Overview of Container Security
• Attack surface of the container ecosystem
• Identifying the components and their security state
• Get an inventory of containers
• Docker Images
• Dockerfile and Environment variables
• Docker volumes
• Docker Networking
• Ports used/Port forwarding
• Docker Registries
• Exhaustive review of Namespaces, cgroups and capabilities
• Analysis of the attack surface
• Using native tools
• Using third-party tools

Module 3: Attacking Containers and Containerized Apps
• Containers Attack Matrix
• Image-based attacks
• Malicious Images
• Extracting passwords, tokens, TLS certs, etc.
• Exploiting vulnerable components
• Registry-based attacks
• Insecure Docker registries
• Open Docker registries
• Lack of authorization (RBAC)
• Container-based attacks
• Manipulating privileged mode containers
• Attacking mounted docker volumes
• Abusing SetUID/SetGID binaries
• Exploiting shared namespaces
• Attacking Linux capabilities
• Docker host (Daemon) / kernel attacks
• Exploiting unauthenticated Docker API
• Insecure Docker endpoint
• Lack of network segregation
• Denial of service attacks
• Kernel exploits
• Privilege escalation methods in Docker
• Security misconfigurations
• Attacking management tools (Portainer)
• Exploiting OWASP Top 10 issues in containerized apps

Module 4: Defending Containers and Containerized Apps on Scale
• Container image security
• Building secure container images
• Choosing base images
• Distroless images
• Scratch images
• Security Linting of Dockerfiles
• Static Analysis (SCA) of container images
• Scan for vulnerabilities in containers
• Choosing the right container scanner tool for your needs
• Docker Daemon security configurations
• Docker user remapping
• Docker runtime security (gVisor, Kata)
• Docker socket configuration
• fd
• TCP socket
• TLS authentication
• Dynamic Analysis of the container hosts and daemons
• Docker host security configurations
• Kernel Hardening using Seccomp and AppArmor
• Custom policy creation using Seccomp and AppArmor
• Network Security in containers
• Segregating networks
• Misc Docker Security Configurations
• Content Trust and Integrity checks
• Docker Registry security configurations
• Private vs. Public Registries
• Authentication and Authorization (RBAC)
• Built-in Image scanning capabilities
• Policy enforcement
• DevOps CI/CD Integration
• Docker Tools, Techniques and Tactics
• Tools
• Dive (Forensic)
• Dockle
• Techniques
• Tactics

Module 5: Security Monitoring of Containers
• Monitoring Docker events, logs
• Incident response in containers
• Docker runtime prevention
• Policy creation, enforcement, and management
• Docker security monitoring using Wazuh

You should know how to run basic Linux commands such as ls, cd and mkdir. Course participants should also have a basic understanding of application security practices like the OWASP Top 10.

Practical DevSecOps Container Security Expert
• Exam Duration: 6 hours
• Exam type: Practical/labs
• Number of tasks: 5
• Passing score: 80%

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
