Container Security Deep Dive

Back to the list of Speakers and Sessions

Containers are the next big thing in virtualization tech. If configured properly they provide immense security. In this workshop I will go over how to secure your container deployment end to end

Things covered:

  1. Quick intro to
  2. Generic container pipeline 

  3. Securing your container pipeline
: Trusted base images
, Dockerfile linting
, image scanning
, Docker daemon config
, Docker runtime options, logging in containers
, runtime alerting in Docker

  4. How to Scale
: pre-deployment feedback instead of post deployment vuln tickets
, deploying scanners to not hold up Jenkins builds
, real time notifications to developer, and webhooks with slack notifications
Participants should bring:

Laptop with admin privileges and docker installed

Participants must know or have:

basic linux knowledge, familiarity with Docker

Yashvier Kosaraju Senior Product Security Engineer, Twilio

Yash is a Senior Product Security Engineer at Twilio. He has worked with Box and iSEC Partners in the past. He has been working in security for over half a decade. He has worked in a variety of roles ranging from consulting to enterprise product security teams. He is a seasoned speaker and has presented in BSides SLC 2016, HackMiami 2017 and BSides San Diego 2018, and will be presenting at Troopers 2019