Container Security Workshop

#1 Container Security Workshop across the globe

In today’s rapidly evolving technology landscape, containers have become the backbone of modern application deployment, enabling rapid scaling, efficient resource usage, and seamless development workflows. However, with the rise of containerization comes an increasing need for robust security measures. Our Container Security Workshop is one of the most advanced and sought-after programs globally, designed to equip you with cutting-edge skills and techniques to secure container environments effectively. This workshop is the ultimate deep dive into container security, covering essential Linux security concepts, modern containerization technologies, and real-world practices for securing both development and production environments. With 100+ hands-on labs on Docker and 10+ in-depth technology demonstrations, this workshop is not just a course; it’s a comprehensive learning experience that arms you with the knowledge and confidence to safeguard your containerized applications and environments.

100+

Hands-on Labs

10+

In-depth sessions

10+

Real-world examples

Whether you’re a security professional, DevOps engineer, system administrator, or developer, this workshop is tailored to give you the expert-level knowledge you need to secure containers from development through to production. Whether you’re securing Docker or Kubernetes, this workshop gives you the skills to protect critical systems against emerging threats. With expert-led training, real-world demonstrations, and labs designed to challenge and develop your abilities, you will leave the course confident in implementing advanced security strategies in modern container environments.

Workshop Outline:

1. Linux Namespaces

Understand how Linux namespaces isolate resources in containers.
Detailed exploration of namespace types: PID, Network, IPC, Mount, UTS, User.
Practical demonstrations and labs on namespace manipulation and security.

2. Linux Cgroups (Control Groups)

Learn how cgroups manage resource allocation in containerized environments.
In-depth exercises on setting cgroup limits for CPU, memory, and disk IO.
Techniques for securing cgroups to prevent resource abuse.

3. Linux Permissions and Access Control Lists (ACLs)

Master Linux file permissions and ACLs for securing containerized applications.
Explore real-world scenarios of access control in multi-user environments.
Practical labs for implementing fine-grained permissions in containers.

4. Linux Capabilities

Discover the power of Linux capabilities for managing process privileges in containers.
Hands-on exercises on granting and restricting specific capabilities to harden containers.
Best practices for minimizing privileges while maintaining functionality.

5. Seccomp and Seccomp-BPF (Berkeley Packet Filter)

Learn how Seccomp limits system calls to reduce the attack surface.
Practical labs on configuring and applying Seccomp filters to containerized applications.
Understand Seccomp-BPF for advanced filtering capabilities.

6. AppArmor and LSMs (Linux Security Modules)

Delve into AppArmor’s role in confining container processes.
Practical demonstration of profile creation, enforcement, and fine-tuning.
Hands-on labs to lock down containerized applications using AppArmor policies.

7. Host OS Hardening

Best practices for hardening the host OS to defend against container escape attacks.
Explore kernel hardening techniques, patch management, and attack surface reduction.
Practical exercises to strengthen host security.

8. Image Security, Signing, and Verification

Secure your container images with signature validation and integrity checks.
Learn how to create secure Dockerfiles and minimize vulnerabilities in images.
Hands-on labs for signing and verifying container images in production.

9. Dockerfile Best Practices

Write secure, efficient, and production-ready Dockerfiles.
Avoid common pitfalls that introduce vulnerabilities and performance bottlenecks.
Live demonstrations and hands-on labs to refine your Dockerfile creation skills.

Workshop Schedule:

Schedule	Duration	Type	Status
04,05,07,11,12,14 Nov 2024 3h/day, 3d/week, 2-week	18 hours	Online, Instructor-led	Sold out
02,03,05,09,10,12 Dec 2024 3h/day, 3d/week, 2-week	18 hours	Online, Instructor-led	Open to register

This workshop is a pre-requisite for our Kubernetes Security Workshop.

What can you do after the Workshop?

In short, you will be able to do:

Implement the least privilege concept for containers.
Configure the right file permissions and ACLs within the containers.
Find the application’s required Linux capabilities.
Restrict and drop unrequired Linux capabilities for the containers.
Implement the fake-root concept within the containers.
Restrict root user access within the containers.
Prevent containers from escaping and accessing the Host machine.
Access and debug running containers without container runtime.
Limit all container resources, not just CPU and memory.
Implement the right memory allocation method for containers.
Find the application’s required syscalls.
Write Seccomp-bpf policies and restrict syscalls.
Write AppArmor profiles to restrict access to system entities.
Implement best practices to protect the Host OS.