Thank you for joining us at our 20th Anniversary Event! All sessions were recorded and will be posted in the coming weeks on the OWASP YouTube channel.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend, however, registration IS required, to gain access to the session links.

Friday, September 24 • 2:00pm - 2:30pm
Kubernetes Security: Attacking and Defending K8s Clusters

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
​This presentation aims to talk about different attack scenarios leveraging Kubernetes clusters. We'll dig deeper into a real-world attack scenario using real-world applications to demonstrate different ways attackers and malicious users can use to exploit your cluster and the applications running on it. But first, we’ll give an overview about Kubernetes and its architecture, covering the main components from the Control Plane and the Worker Nodes. Then, we'll use the K8s Threat Matrix and the MITRE ATT&CK for Containers published this year to discuss the Tactics, Techniques and Procedures to demonstrate the Recon, Exploitation and Post-Exploitation phases. After that, we'll provide some best practices to securing your cluster based on the scenarios and the CIS Benchmarks for Kubernetes. We'll show how to use Role-based access control (RBAC)  for Access Control, to enable audit logs for security and troubleshooting, and we'll set up some network policies to avoid communication between pods and prevent any lateral movement from attackers​​​

avatar for Magno Logan

Magno Logan

Information Security Specialist, GoHacking
Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container and Application Security Research, Threat Modelling and Red Teaming. He has been tapped as a resource speaker for numerous security conferences around the globe. He is also... Read More →

Friday September 24, 2021 2:00pm - 2:30pm EDT