Instructor Led Training

Attacking & Defending Containers

Everyone wants the convenience of building and deploying containers, but they don’t think about the security challenges that come with it.In this landmark course by AppSecEngineer, we’ll take you on a journey through the dizzying world of container security.

Go from breaking out of containers using devious exploits, to running a gauntlet of hands-on exercises where you’ll scan, configure, and secure against real-world container breaches.

Course Overview

8 Hours
32 Lessons
14 Cloud Labs
Ideal for: Security Engineer  /  Product Security Teams

With Organizations rapidly moving towards microservice style architecture for their applications, container technology seems to be taking over at a rapid rate. Leading container technologies like Docker have risen in popularity and have been widely used because they have helped package and deploy consistent-state applications.

Security continues to remain a key challenge that both Organizations and Security practitioners face with containerized deployments. While container orchestrated deployments may be vulnerable to security threats that plague any typical application deployments, they face specific security threats related to the containerization daemon, shared kernel, shared resources, secret management, insecure configurations, role management issues and many more!

This training has been created with the objective of understanding both offensive and defensive security for container orchestrated deployments. The program shall detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios that the attendees shall understand and take part in and, shall also understand ways in which containerized deployments can be attacked and made secure, yet scalable, efficient and effective.

Know your trainer

Abhay Bhargav

CHief RESEARCH OFFICER, AppSecEngineer
Abhay started his career as a breaker of apps, in pentesting and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOpsHe has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security. In addition, Abhay has contributed to pioneering work in the Vulnerability Management space, being the architect of a leading Vulnerability Management and Correlation Product, Orchestron. Abhay is also committed to Open-Source and has developed the first-ever Threat Modeling solution at the crossroads of Agile and DevSecOps, called ThreatPlaybook.Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His training programs have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on. He's authored two international publications on Java Security and PCI Compliance as well.

Big Wins For Your Enterprise

A 360-degree view of container security: from cutting edge attack vectors, to battle-tested defensive measures.

Learn the inner workings of complex containerized deployments, and identify the various components.

Understand the weaknesses of your containers & exploit them like a real attacker.

Secure containers at every step: from container registry to post-deployment logging & monitoring.

What Your Team Will Learn

Deep dive into Docker & beyond

Various container escape methods

Securing container supply chains

Scanning & fixing insecure containers

Learn best with 1000+ labs modeled after real-world security scenarios

Crafted on Real-world training for product security teams

Hands-on Experience: Engage with real-world scenarios in a controlled, cloud-based lab environment to apply learning directly.

Immediate Application: Implement Threat Modeling tools and techniques instantly, enhancing retention and understanding.

Access to Specialized Tooling: Utilize advanced Threat Modeling software and LLMs without needing to set up or maintain the infrastructure.

Safe Learning Space: Experiment and learn from mistakes in a risk-free sandbox, encouraging exploration and innovation.

Explore Hands on Labs

Prerequisites

Knowledge base

Basic understanding of application security principles.
Familiarity with software development and the software development lifecycle (SDLC).
Some experience in security practices and methodologies is beneficial

Device requirements

For a optimal learning experience in this course, participants should use a laptop with Windows 10/11, the latest macOS, or a modern Linux distribution, equipped with an Intel i5 processor or equivalent (i7 recommended), at least 8GB of RAM (16GB preferred), and 20GB of free disk space. A stable, high-speed internet connection is essential for accessing streaming content and cloud-based labs, alongside the latest versions of Google Chrome, Mozilla Firefox, or Safari with JavaScript enabled. Participants must have administrative rights to install necessary software and a modern code editor like Visual Studio Code.

Minimum number of applicants

10

Talk to us

Testimonials

I found these courses to be pretty comprehensive and practically oriented. From dissecting common threat vectors to writing abuser stories, it had a lot of useful takeaways by the end.

DevOps Engineer at Streaming Services Provider

WORLD'S LARGEST SPORTS EQUIPMENT MANUFACTURER
Threat modeling has always been a bit elusive for my team, but these courses made it all click. The step-by-step breakdown of threat modeling concepts and integrating them into a DevSecOps pipeline gave us some solid, actionable learnings.

Developer at SaaS Company

DEFENSE INDUSTRY
“Threat modeling is seriously underrated compared to other security activities that have more visible impact. Fact of the matter is, if you can anticipate and build around potential threats to your software, that’s going to make a much bigger difference than if you set up a million defenses after the fact. These courses taught me how to do that!”

Head of Product at International Logistics Corporation

CYBERSECURITY OPERATIONS CENTER (CSOC)

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Started Now
X
X
FOLLOW APPSECENGINEER
CONTACT

Contact Support

help@appsecengineer.com

1603 Capitol Avenue,
Suite 413A #2898,
Cheyenne, Wyoming 82001,
United States

Copyright AppSecEngineer © 2023