Container Security Deep Dive

Containers are the next big thing in virtualization tech. If configured properly they provide immense security. In this workshop I will go over how to secure your container deployment end to end

Things covered:

  1. Quick intro to
 containers
  2. Generic container pipeline 

  3. Securing your container pipeline
: Trusted base images
, Dockerfile linting
, image scanning
, Docker daemon config
, Docker runtime options, logging in containers
, runtime alerting in Docker

  4. How to Scale
: pre-deployment feedback instead of post deployment vuln tickets
, deploying scanners to not hold up Jenkins builds
, real time notifications to developer, and webhooks with slack notifications
Participants should bring:

Laptop with admin privileges and docker installed

Participants must know or have:

basic linux knowledge, familiarity with Docker


Yashvier Kosaraju ,

Yash is a Senior Product Security Engineer at Twilio. He has worked with Box and iSEC Partners in the past. He has been working in security for over half a decade. He has worked in a variety of roles ranging from consulting to enterprise product security teams. He is a seasoned speaker and has presented in BSides SLC 2016, HackMiami 2017 and BSides San Diego 2018, and will be presenting at Troopers 2019