The Platform Engineer Playbook - 5 Ways to Container Security

Track: Security
Abstract
The infamous Log4Shell vulnerability took the software community by surprise two years ago; it was a perfect storm of a massively popular open-source library with a vulnerability that was fairly trivial to exploit. Will there be another massive vulnerability to deal with this year? It’s always possible, but there are things you can do to protect your application.

As we address additional layers in our defense-in-depth model, and with many containers requiring scale, an advanced application network with a wide array of security features is required. How do we ensure the right policies are in place to allow communication? What mechanisms exist to ensure that payloads in our network cannot be deciphered or replayed? How do we leverage identity to attest containers and their intent?

From a developer’s shell to a platform engineer’s production runtime, there are many tools and practices available to detect would-be attackers, mitigate their attacks, and make their lives harder.

This session will include a live demo of the Log4Shell remote code execution (RCE) exploit and effective techniques to defend against vulnerabilities like it, such as:
- Code & container image scanning
- Best practices for container runtime configuration
- Policy enforcement in Kubernetes
- Container authentication & authorization
- Encryption & identification for services

Join us and protect your organization from an attack on the next critical CVE and make it harder for attackers to leverage it against you!
Marino Wijay
Marino Wijay is a Canadian, Traveller, International Speaker, Open Source Advocate for Service Mesh, Kubernetes, and Networking. He is an Ambassador @ EddieHub, and Lead Organizer for KubeHuddle Toronto. He is passionate about technology and modern distributed systems. He will always fall back to the patterns of Networking and the ways of the OSI. Community building is his driving force; a modern Jedi Academy.
Eric Smalling
Eric is a 30+ year enterprise software developer, architect, and consultant with a focus on CI/CD, DevOps, and container-based solutions over the last decade. He is a Docker Captain, is certified in Kubernetes (CKA, CKAD, CKS), and has been a Docker user since 2013. As a Staff Solutions Architect at Chainguard, Eric helps teams deploy their applications securely by minimizing container image footprint and CVE counts.