Practical End-to-End Container Security at Scale • Yashvier Kosaraju • GOTO 2020

This presentation was recorded at GOTO Chicago 2020. #GOTOcon #GOTOchgo

Yashvier Kosaraju - Product Security Expert at Twilio Inc.

ABSTRACT
Deploying containers using Kubernetes has become the new defacto deployment standard most companies are turning towards. Developing with containers is very different from traditional development practices and so is securing these containers & deployments. Traditional approaches of security do not scale well with the high paced container world. Automation and CI-CD integrations are more effective ways of keeping your containers secure without slowing your development practices.
In this talk we will look at different security checks you can place at various points within your SDLC [...]

TIMECODES
00:00 Intro
00:44 Agenda
01:16 Why?
01:41 What does practical security mean?
02:29 Why do traditional approaches not work?
03:20 Container pipeline
04:20 Securing container pipeline
04:43 Base image security
07:35 Container registry security
10:33 Vulnerability scanning
13:21 Docker Daemon security
14:05 Docker runtime security
14:34 Docker CIS benchmark
15:03 Kubernetes CIS benchmark
15:12 Logging & alterting
15:43 Realtime alerting in containers
15:58 Issues at scale
17:22 Helpful resources

Download slides and read the full abstract here:

RECOMMENDED BOOKS

#Containers #Security #Backend #Programming #SoftwareArchitecture #k8s #Kubernetes #SDLC

Looking for a unique learning experience?

SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.