Keep containers afloat presented at DevSecConBoston 2018

by Jason Valtman,

Summary : Containerized solutions are known for decades, but only recently they became part of the DevOps hype. Since the containers are minimalistic, there is a perception that they tend to be more secure than other virtualized solutions. However, by modifying common exploits on pre-container generation infrastructure, these attacks can be more disruptive on orchestrated containerized solutions. The key factors that affect the sturdiness of a system are the speed of DevOps CI/CD pipelines, the challenge for security teams to automate everything, and reusing old infrastructure concepts on software defined networks (SDN), such as container orchestrations. This talk is going to shed light on the defensive mechanisms that need to be considered when deploying containerized solutions, and will demonstrate effective attacks against them.