- Welcome
- Best Video Quality
- Slack Community
- K8s Security Best Practises
Quick Facts
| Particular | Details |
|---|---|
| Medium of instructions | English |
| Mode of learning | Self study |
| Mode of Delivery | Video and Text Based |

Course and certificate fees
| Fees information | Certificate availability | Certificate providing authority |
|---|---|---|
| ₹ 1,699 | Yes | Udemy |

The syllabus
Introduction
Create your course K8s cluster
- Cluster Specification
- Practice - Create GCP Account
- Practice - Configure "gcloud" command
- Practice - Create Kubeadm Cluster in GCP
- Practice - Firewall rules for NodePorts
- Notice: Always stop your instances
- Containerd Course Upgrade
- Recap
Killercoda Access
- How to get Access
- Your Access Code
Foundation - Kubernetes Secure Architecture
- Intro
- Practice - Find various K8s certificates
- Recap
Foundation - Containers under the hood
- Intro
- Container Tools Introduction
- Practice - The PID Namespace
- Recap
- TEST - Docker Container Namespaces
- TEST - Podman Container Namespaces
Cluster Setup - Network Policies
- Cluster Reset
- Introduction 1
- Introduction 2
- Practice - Default Deny
- Practice - Frontend to Backend Practice
- Practice - Backend to Database traffic
- Recap
- TEST - Default-Deny Network Policy
- TEST - NetworkPolicy Namespace Communication
Cluster Setup - GUI Elements
- Introduction
- Practice - Install Dashboard
- Practice - Outside Insecure Access
- Practice - RBAC for the Dashboard
- Recap
Cluster Setup - Secure Ingress
- K8s Docs in correct Version
- Introduction
- Practice - Create an Ingress
- Practice - Secure an Ingress
- Recap
- TEST - Create an Ingress
- TEST - Secure an Ingress
Cluster Setup - Node Metadata Protection
- Introduction
- Practice: Access Node Metadata
- Practice: Protect Node Metadata via NetworkPolicy
- Recap
- TEST - NetworkPolicy Metadata Protection
Cluster Setup - CIS Benchmarks
- Introduction
- Practice - CIS in Action
- Practice - kube-bench
- Recap
- TEST - Apply CIS rules for Controlplane
Cluster Setup - Verify Platform Binaries
- Introduction
- Practice - Download and verify K8s release
- Practice - Verify apiserver binary running in our cluster
- Recap
- TEST - Verify Kubelet Binary
Cluster Hardening - RBAC
- Intro
- Practice - Role and Rolebinding
- Practice - ClusterRole and ClusterRoleBinding
- Accounts and Users
- Practice - CertificateSigningRequests
- Recap
- TEST - RBAC ServiceAccount Permissions
- TEST - RBAC User Permissions
- TEST - CertificateSigningRequests Sign Manually
- TEST - CertificateSigningRequests Sign via API
Cluster Hardening - Exercise Caution in Using ServiceAccount
- Intro
- Practice - Pod uses custom ServiceAccount
- Practice - Disable ServiceAccount mounting
- Practice - Limit ServiceAccounts using RBAC
- Recap
- TEST - ServiceAccount Token Mounting
Cluster Hardening - Restrict API Access
- Introduction
- Practice - Anonymous Access
- Practice - Insecure Access
- Practice - Manual API Request
- Practice - External Apiserver Access
- NodeRestriction AdmissionController
- Practice - Verify NodeRestriction
- Recap
- TEST - Crash that Apiserver
- TEST - Apiserver Manifest Misconfigured
- TEST - NodeRestriction
Cluster Hardening - Upgrade Kubernetes
- Introduction
- Practice - Create outdated cluster
- Practice - Upgrade controlplane node
- Practice - Upgrade node
- Recap
Microservice Vulnerabilities - Manage Kubernetes Secrets
- Introduction
- Practice - Create Simple Secret Scenario
- Practice - Hack Secrets in Container Runtime
- Practice - Hack Secrets in ETCD
- ETCD Encryption
- Practice - Encrypt ETCD
- Recap
- TEST - Access Secrets in Pods
- TEST - Read Secret Values
- TEST - Secrets Pods and ServiceAccount
- TEST - ETCD Encryption
Microservice Vulnerabilities - Container Runtime Sandboxes
- Introduction
- Practice - Container calls Linux Kernel
- Open Container Initiative OCI
- Sandbox Runtime Katacontainers
- Sandbox Runtime gVisor
- Practice - Create and use RuntimeClasses
- Practice - Install and use gVisor
- Recap
- TEST - gVisor and RuntimeClass
Microservice Vulnerabilities - OS Level Security Domains
- Intro and Security Contexts
- Practice - Set Container User and Group
- Practice - Force Container Non-Root
- Privileged Containers
- Practice - Create Privileged Containers
- PrivilegeEscalation
- Practice - Disable PrivilegeEscalation
- PodSecurityPolicies
- Practice - Create and enable PodSecurityPolicy
- Recap
- TEST - Privileged Containers
- TEST - Privilege Escalation Containers
Microservice Vulnerabilities - mTLS
- Intro
- Practice - Create sidecar proxy
- Recap
Open Policy Agent (OPA)
- Cluster Reset
- Introduction
- Practice - Install OPA
- Practice - Deny All Policy
- Practice - Enforce Namespace Labels
- Practice - Enforce Deployment replica count
- Practice - The Rego Playground and more examples
- Recap
Supply Chain Security - Image Footprint
- Introduction
- Practice - Reduce Image Footprint with Multi-Stage
- Practice - Secure and harden Images
- Recap
- TEST - Image Footprint User
- TEST - Image Container Hardening
Supply Chain Security - Static Analysis
- Introduction
- Kubesec
- Practice - Kubesec
- OPA Conftest
- Practice - OPA Conftest for K8s YAML
- Practice - OPA Conftest for Dockerfile
- Recap
- TEST - Manual Static Analysis K8s
- TEST - Manual Static Analysis Docker
Supply Chain Security - Image Vulnerability Scanning
- Introduction
- Clair and Trivy
- Practice - Use Trivy to scan images
- Recap
- TEST - Scan images using Trivy
Supply Chain Security - Secure Supply Chain
- Introduction
- Practice - Image Digest
- Practice - Whitelist Registries with OPA
- ImagePolicyWebhook
- Practice - ImagePolicyWebhook
- Recap
- TEST - Complete ImagePolicyWebhook Setup
- TEST - Use Image Digest
Runtime Security - Behavioral Analytics at host and container level
- Introduction
- Practice - Strace
- Practice - Strace and /proc on ETCD
- Practice - /proc and env variables
- Practice - Falco and Installation
- Practice - Use Falco to find malicious processes
- Practice - Investigate Falco rules
- Practice - Change Falco Rule
- Recap
- TEST - Syscall Activity Strace
- TEST - Falco Rule Change
Runtime Security - Immutability of containers at runtime
- Introduction
- Ways to enforce immutability
- Practice - StartupProbe changes container
- Practice - SecurityContext renders container immutable
- Recap
- TEST - Immutability Readonly Filesystem
Runtime Security - Auditing
- Introduction
- Practice - Enable Audit Logging in Apiserver
- Practice - Create Secret and check Audit Logs
- Practice - Create advanced Audit Policy
- Practice - Investigate API access history
- Recap
- TEST - Enable Audit Logging
System hardening - Kernel Hardening Tools
- Introduction
- AppArmor
- Practice - AppArmor for curl
- Practice - AppArmor for Docker Nginx
- Practice - AppArmor for Kubernetes Nginx
- Seccomp
- Practice - Seccomp for Docker Nginx
- Practice - Seccomp for Kubernetes Nginx
- Recap
- TEST - AppArmor
System hardening - Reduce Attack Surface
- Introduction
- Practice - Systemctl and Services
- Practice - Install and investigate Services
- Practice - Disable application listening on port
- Practice - Investigate Linux Users
- Recap
- TEST - Close Open Ports
- TEST - Manage Packages
- CKS Exam Series
Linux Foundation Simulator Sessions