Securing Kubernetes: Practical Workflows and Tools for Enhanced Cluster Protection
An engaging session that delves deep into the world of securing Kubernetes (K8s) clusters through the lens of Open Web Application Security Project (OWASP) best practices. In this comprehensive talk, we will guide you through a structured agenda that covers essential aspects of Kubernetes security, providing practical insights and actionable strategies.
- Oct 23Alfândega Porto Congress Centre2 hours08:30 - 10:30 UTC
Rabieh Fashwall-
The session kicks off with an introduction to Kubernetes security challenges, setting the stage for understanding why securing K8s clusters is paramount in today's dynamic threat landscape. We will then navigate through OWASP's best practices tailored for Kubernetes environments, shedding light on key guidelines to fortify your containerized applications.
Moving into the practical realm, the agenda unfolds to reveal a well-defined workflow for Kubernetes security. Attendees will learn how to seamlessly integrate security practices into their development and deployment lifecycle, striking a balance between speed and security. The discussion will extend into CI/CD integration, showcasing the implementation of automated security testing within pipelines, ensuring continuous security validation.
An integral part of the session is the exploration of cutting-edge tools designed for securing Kubernetes. Live demonstrations will provide a hands-on understanding of tools for vulnerability scanning, runtime protection, and policy enforcement, helping attendees make informed decisions based on their specific needs.
Whether you're a developer, DevOps engineer, or security professional, this session is your gateway to enhancing the security posture of your Kubernetes deployments, guided by OWASP best practices.
A distinguished Software Engineer with a rich 15-year trajectory in the computer software landscape, I specialize in architecting robust Cloud Native and Web applications through a strategic blend of technical expertise and innovative problem-solving. My technical arsenal spans Golang, .NET, and React (TypeScript), complemented by comprehensive proficiency in C#, JavaScript, and a versatile range of contemporary development technologies.
With a proven track record of delivering high-performance solutions, I excel in designing scalable applications across multiple cloud environments, including AWS, Google Cloud Platform, and DigitalOcean. My approach transcends conventional coding—I view each project as an opportunity to push technological boundaries and deliver transformative digital solutions.