Workshop: Container and Microservice Security

Location: Henry Moore, 4th flr.

Duration: 9:00am - 4:00pm

Day of week: Friday

Level: Beginner

Key Takeaways

  • Awareness of the major areas where security issues are likely to appear in a container-based system

  • Understanding of the tools and features available to secure a container-based system

  • Ability to apply this understanding to their own system, focusing on most important areas first

Prerequisites

Attendees should have basic knowledge of Docker and Unix (able to run `docker build` and `docker run` commands and edit files on a Unix system).

Wifi enabled laptop with SSH client.

This is a hands-on workshop that covers how to secure a modern, microservice based system. We will start with running and hacking into a example web application. We will then switch roles and see how various container features can be used to protect the system from attack.  From there we explore various techniques and features in more detail, including scanning images for vulnerabilities, reducing the privileges associated with containers and securely handling sensitive information in containers.   

The course is technical in nature, but the majority of the advice is high-level and applicable to any microservice or container-based system such as Kubernetes or Mesos clusters.

The following topics will be covered:

  • Why security is important
  • How to respond to a security incident
  • Scanning images for vulnerabilities
  • Limiting the privileges of running containers
  • Managing secrets (such as database passwords and API keys)

Speaker: Adrian Mouat

Chief Scientist @containersoluti (Container Solutions)

Adrian Mouat is the Chief Scientist at Container Solutions, a European services company specialising in container technologies. He is currently researching container orchestration platforms and image management. Adrian is a member of the Docker Captains program.

Find Adrian Mouat at

Tracks

  • Career Hacking

    Strategies for advancing the skills that advance your career. Look for mentoring, speaking, empathy, and career paths.

  • Advances in FinTech

    Finance is king in London. What's happening and what should you be paying attention to with modern #FinTech

  • Security Transformation

    How do you actually start with a security mindset? Learn techniques for making security a first-class concern.

  • Tech Ethics: The Intersection of Human Welfare & STEM

    What does it mean to be ethical in software? Hear how the discussion is evolving and what is being said in ethics today.

  • Bare Knuckle Performance

    Killing latency and getting the most out of your hardware.

  • Evolving Java & the JVM

    6 month cadence, cloud-native deployments, scale, Graal, Kotlin, and beyond. Learn how the role of Java and the JVM is evolving.