5. OWASP Poland Meetup Online

Zapraszamy na piąte już spotkanie online organizowane przez OWASP Poland. Tym razem coś po angielsku dla ludzi pracujących w skonteneryzowanym środowisku - bezpieczeństwo K8s.

Welcome to the second OWASP Online Poland in English!

Our speaker is Nidaa Saffarini who specializes in securing and testing DevOps tools.

Title: Pentesting k8s

The most common web application vulnerabilities have risks impact to the monolith web apps and its backend but also they also have more high impacting for the containerized web apps running in k8s cluster which can allow an unauthorized attacker not only exploit vulnerability itself but also take the control over the containers and utilize more capability in different k8s vulnerable resources and component .

In this talk we will discuss the threats of top 10 owasp vulnerabilities in monolith web app and microservices app running in k8s cluster , the process of k8s penetration tests including the k8s architecture and its component, security model of Kubernetes starting from the Linux namespaces used in containers , pod security , network policy and RBAC which used to build permissions in cluster . Highlight the most recommendation to build secure k8s cluster and secure containerized app.

Zapraszamy!