Remote Training (Dec 7-8) : DevSecOps Masterclass 2020 Discoverer Edition Register Now

Attacking and Defending Containers,
Kubernetes and Serverless

Offensive and defensive security for Container orchestrated and Serverless deployments.

Training Objective and Course Overview

This flagship course from we45 is one of our most popular trainings. It’s been transacted at conferences like OWASP AppSec USA, AppSec California, Code Blue, SHACK and several others globally. Segments of this class have been a part of trainings at Black Hat and DEF CON in multiple years.

The training starts with a deep-dive of containers and container security, where trainees will learn with mostly hands-on approaches, ways to attack and defend containerized apps. Subsequently, we look at scaling container deployments with a nearly all hands-on perspective of attacking and defending Kubernetes Clusters. Finally, the training segues into Serverless Apps, where we will be exploring unique and powerful ways of attacking and defending FaaS deployments

What attendees will learn?

Attacking and Securing Applications leveraging containers and, serverless technology requires
specific skill set with a deep understanding of their underlying architecture that attendees shall be
able to understand. This course is aimed at Developers, DevOps Engineers, Penetration Testers and Security
practitioners who plan to use container or serverless technology as part of their product
deployments and want to get a good understanding on how to secure their services and

Training shall be extremely hands-on with exercises that are similar to real-world threat scenarios
that the attendees shall understand and take part in. This shall help them understand all there is
to attack and secure containerized and, serverless applications.

Course Agenda

  • Namespace
  • Cgroups
  • Mount
  • LXC and Linux Containers
  • Introducing Docker Images and Containers


  • Docker Commands and Cheatsheet
  • Docker commands
  • Dockerfile
  • Images

  • Introduction to docker-compose
  • Containerize an application
  • Deploying a containerized application
  • Deploy a containerized application using docker-compose
  • Daemon-related Threats
  • Network related Threats
  • OS and Kernel Threats
  • Threats with Application Libraries
  • Threats from Containerized Applications
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of privileges
  • Container Breakout
  • Exploiting Insecure Docker Configurations
  • OS and Kernel level exploits
  • Trojanized Docker images
  • AppArmor/SecComp
  • Restricting Capabilities
  • Analysing Docker images
  • Hands-on: KataContainers
  • Container Security Mitigations
  • Hands-on: Container Vulnerability Assessment
  • Setting up a security pipeline to build, scan and push images
  • Introduction to Container Orchestrators
  • Getting started with Kubernetes
  • Understanding Kubernetes Architecture and Components
  • Exploring Kubernetes Cluster
  • Deploying application to Kubernetes
  • Kubernetes Threat Model
  • Attack Surface for a Kubernetes Cluster
  • Attacking application deployed on Kubernetes
  • Exploiting a Vulnerable Kubernetes cluster
  • Maintaining Persistent Access and Pivoting in the K8s Cluster
  • Dissecting the K8s Attack and identifying Security Missteps
  • Attacking kubelet and gaining access to all configurations and secrets on the cluster
  • K8s Threat Model and its counterpoint in Security Practices
  • Hands-on: Ideal Security Journey: Kubernetes
  • Pod Security
  • Access Control
  • Secret Management
  • Hands-on: Kubernetes Vulnerability Assessment
  • Kube-sec
  • Kube-hunter
  • Kube-bench
  • Hands-on: Logging and Monitoring
  • Logging and Monitoring specific Parameters within the K8s Cluster
  • Identifying anomalies (especially security) with the K8s Cluster
  • Hands-on: K8s Secret management
  • Integrating Vault on a K8s cluster
  • Storing secrets securely on Kamus
  • Hands-on: Kubernetes Network Security Implementation
  • Network Security Policy
  • Service Mesh - Istio/Envoy
  • Security Specific CI/CD for Kubernetes
  • Setting up a security pipeline to securely deploy on a k8s cluster
  • Understanding Serverless and FAAS(Function-As-A-Service)
  • Quick tour of FAAS(Function-As-A-Service) and BAAS(Backend-As-A-Service)
  • Introduction to AWS Lambda, S3, Open-FAAS and other Serverless options
  • Introduction to the Architecture of Serverless Deployments
  • Hands-on: Deploying a Serverless application
  • Function Data Event Injection Attacks against FaaS Implementations
  • Remote-Code Execution Attacks against Serverless Apps
  • Attacking Broken Access Control in Serverless Applications
  • Attacking Identity and Access Management through Serverless Implementations
  • Extracting Secrets from FaaS Implementations
  • Leveraging Vulnerabilities like ReDOS to perform Resource Exhaustion Attacks
  • Exploiting Function Execution Order for fun and profit!
  • Identity and Access Management
  • Securing Serverless deployments with locked down IAM privileges
  • Auditing Serverless Applications for weak access control implementations
  • Applied Key Management with Amazon Key Management System (KMS)
  • Leveraging AWS Secrets Manager for Key:Value Secrets
  • Integrating Secrets Management with Serverless Applications
  • Security Logging and Tracing for Serverless Functions
  • Serverless Vulnerability Assessment
  • CI/CD for Serverless Functions - With Security specific pipeline

- Deep-Dive Understanding of Injection Flaws like SQL Injection, Command Injection, Server-Side Template Injection and others

- Perform SQL Injection Attacks like a real-world adversary with the Cloud Labs and learn how it works

Well developed and structured labs

- Training Participant, Shack 2019 Conference

The Labs are well developed and structured. The documentation was easy to follow and the step by step instructions made it very easy for us to do the labs along with the trainer

Really good content and labs

- Training Participant, Shack 2019 Conference

A lot of the hands-on in Kubernetes was really good, especially the offensive labs and demos that were done. Docker and serverless content were also really good and well covered

Conference Features

Our Application Security and Cloud Security programs is a regular feature at marquee application security conferences across the world.

Frequently Asked Questions

Is this training specific to any programming language?

No. The training has been designed to be beneficial to product teams across the globe irrespective of the tech stack they use. All the vulnerability remediation assistance and best practices in application security imparted in the training are agnostic of platform or technology.

What level of existing security awareness is required for the audience?

This course is aimed at facilitating cross-skill development across the engineering community like developers, architects or QA teams. Hence attendees are not expected to have any prior understanding of security.

What would be some tangible takeaways from this training on a short to medium term basis?

The core objective of this course is to help engineering teams develop secure applications. Attendees will be given a detailed understanding of how vulnerabilities are exploited in the wild along with best practices that aid in secure application development.

Dates Coming Soon !

Attacking and Defending Containers, Kubernetes and Serverless

4 Days
(4 Hours per day)



(Until Seats Last)

Dates Coming Soon ! 
Get Notified

Would you rather have a private training conducted for your team? Enter your details here

    By checking this box you agree to receive communication on we45's events, product or solution offerings by email to your contact information.

    You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

    By clicking submit below, you consent to allow we45 to store and process your personal data to provide you the requested information.

    Additional Resources

    3 Things to Make Your AppSec Suck Less

    Let’s face it, your application security sucks! But don’t fret, there’s hope yet. Here are 3 very critical things that organizations sometimes miss out on when trying to fix application security.

    Free Webinar : Secure Code Review

    This webinar would showcase security vulnerabilities purely in light of its underlying code and emphasize on the practical differences between secure and insecure code.

    AppSec vs Secure Applications

    These things don’t always mean the same thing. Read on to find out why a holistic approach to AppSec is absolutely required, rather than a purely exploit/bug hunting approach.