Docker Security & (Sec)DevOps
Docker, Microservices, Kubernetes, DevOps, Continuous Integration/Deployment/Delivery, Container – all of those terms heavily dominate modern application development teams and processes. This training will explain all of the mentioned terms and focus on the following main questions:
How strong and reliable are the isolation capabilities of Docker/Linux/OS containers?
How do containers affect typical application and network architectures?
Which changes are introduced by the CI/CD/Microservice paradigm into traditional development environments?
How does a typical CI/CD pipeline look like?
How can “security” be integrated into these new development/architecture paradigms?
What additional attack surface and security challenges are introduced by the changed development landscape and additional tools?
The agenda of the training is as follows:
Day 1, Docker, Container & Linux isolation:
- Basics & Tech Stack
- Linux isolation capabilities
- Security Aspects
- Known attacks
- Potential attack surface
- During the whole day, each attendee will build her/his docker environment.
Day 2, DevOps, MicroServices & CI/CD
- DevOps Concepts & Implications
- Microservice Architectures & why they work well with the DevOps style
- Resulting challenges for people, processes, and tools
- Existing tools and frameworks, what’s behind their names & how they (can) affect the security posture
- Through the whole day, each attendee will build her/his microservice environment.
All agenda topics will supported by practical exercises and/or demos. At the end of day 2, each attendee will have an automated environment where code changes can be deployed to staged hosting environments while being covered by various functional and/or security-related tests. The attendees will also know the concept behind the main buzzwords and tools described above and understand how they impact application architectures, development, and security posture.
The attendees should have basic knowledge of the Linux bash and need a system with an SSH client for the workshop. Attendees who want to operate the demo VMs on their own system will get the base demo VM on a usb drive but are on their own for starting/deploying it.