Container Security Workshop

In today’s rapidly evolving technology landscape, containers have become the backbone of modern application deployment, enabling rapid scaling, efficient resource usage, and seamless development workflows. However, with the rise of containerization comes an increasing need for robust security measures. Our Container Security Workshop is one of the most advanced and sought-after programs globally, designed to equip you with cutting-edge skills and techniques to secure container environments effectively. This workshop is the ultimate deep dive into container security, covering essential Linux security concepts, modern containerization technologies, and real-world practices for securing both development and production environments. With 100+ hands-on labs on Docker and 10+ in-depth technology demonstrations, this workshop is not just a course; it’s a comprehensive learning experience that arms you with the knowledge and confidence to safeguard your containerized applications and environments.

Whether you’re a security professional, DevOps engineer, system administrator, or developer, this workshop is tailored to give you the expert-level knowledge you need to secure containers from development through to production. Whether you’re securing Docker or Kubernetes, this workshop gives you the skills to protect critical systems against emerging threats. With expert-led training, real-world demonstrations, and labs designed to challenge and develop your abilities, you will leave the course confident in implementing advanced security strategies in modern container environments.

Workshop Outline:

1. Linux Namespaces

• Understand how Linux namespaces isolate resources in containers.
• Detailed exploration of namespace types: PID, Network, IPC, Mount, UTS, User.
• Practical demonstrations and labs on namespace manipulation and security.

2. Linux Cgroups (Control Groups)

• Learn how cgroups manage resource allocation in containerized environments.
• In-depth exercises on setting cgroup limits for CPU, memory, and disk IO.
• Techniques for securing cgroups to prevent resource abuse.

3. Linux Permissions and Access Control Lists (ACLs)

• Master Linux file permissions and ACLs for securing containerized applications.
• Explore real-world scenarios of access control in multi-user environments.
• Practical labs for implementing fine-grained permissions in containers.

4. Linux Capabilities

• Discover the power of Linux capabilities for managing process privileges in containers.
• Hands-on exercises on granting and restricting specific capabilities to harden containers.
• Best practices for minimizing privileges while maintaining functionality.

5. Seccomp and Seccomp-BPF (Berkeley Packet Filter)

• Learn how Seccomp limits system calls to reduce the attack surface.
• Practical labs on configuring and applying Seccomp filters to containerized applications.
• Understand Seccomp-BPF for advanced filtering capabilities.

6. AppArmor and LSMs (Linux Security Modules)

• Delve into AppArmor’s role in confining container processes.
• Practical demonstration of profile creation, enforcement, and fine-tuning.
• Hands-on labs to lock down containerized applications using AppArmor policies.

7. Host OS Hardening

• Best practices for hardening the host OS to defend against container escape attacks.
• Explore kernel hardening techniques, patch management, and attack surface reduction.
• Practical exercises to strengthen host security.

8. Image Security, Signing, and Verification

• Secure your container images with signature validation and integrity checks.
• Learn how to create secure Dockerfiles and minimize vulnerabilities in images.
• Hands-on labs for signing and verifying container images in production.

9. Dockerfile Best Practices

• Write secure, efficient, and production-ready Dockerfiles.
• Avoid common pitfalls that introduce vulnerabilities and performance bottlenecks.
• Live demonstrations and hands-on labs to refine your Dockerfile creation skills.

Workshop Schedule:

This workshop is a pre-requisite for our Kubernetes Security Workshop.