KubeCon + CloudNativeCon Europe 2019: DIY Pen-Testing for Your Kubernetes Clus...

Barcelona, Spain
May 20–23, 2019
Click here for more information and registration

View Conference Venue and Sponsor Showcase Map

Back To Schedule

DIY Pen-Testing for Your Kubernetes Cluster - Liz Rice, Aqua Security

Feedback form is now closed.

See how to use kube-hunter to run penetration tests on your Kubernetes clusters, and reveal misconfigurations that might leave you open to attack!

Kube-hunter is an open source tool that simulates what a hacker might do when trying to attack a deployment.

We’ll discuss the motivations behind the project, and some interesting aspects of how it is implemented.

There will be plenty of demos, including:
- Testing for the basics, like an unsecured Kubelet API
- Simulating an attack from within a compromised container
- Re-using credentials from a compromised container

You'll need a basic understanding of Kubernetes components, and with using curl to issue API requests.

You’ll leave this talk ready to test your own cluster, and with new insights into the possible routes that an attacker might attempt. Perhaps you’ll even be inspired to submit a new Hunter to the project!

Speakers

Liz Rice

VP Open Source Engineering, Aqua Security

Liz Rice is VP Open Source Engineering with cloud native security specialists Aqua Security. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. She has... Read More →

Thursday May 23, 2019 11:05 - 11:40 CEST
Hall 8.0 B1

Security + Identity + Policy

Skill Level Intermediate (Mid-level experience)
Link to Session Recording https://youtu.be/fVqCAUJiIn0

KubeCon + CloudNativeCon Europe 2019

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Liz Rice