Course details

Certified Container Security Expert (CCSE)

EDU Trainings s.r.o.

Course description

Learn how organizations protect against attacks and plan to assess/reduce software supply chain risks. Topics cover attacking code, container, Kubernetes, and cloud supply chains.
Container Security Expert is the training program for professionals tasked with securing the container environment. The course allows you to get hands-on experience as you work with live containers in our lab, gaining significant insights that will arm you to secure a containerized platform in any environment.

Course Inclusions:


Course Manual
Course Videos and Checklists
30+ Guided Exercises
30 days Online Lab Access
Access to a dedicated Mattermost channel
One exam attempt for Certified Container Security Expert Certification

Upon completion of the course, you will be able to:

Build the solid foundations required to understand the container security landscape
Embed security while creating and building container images, and secure running containers
Gain knowledge of limiting the blast radius in case of a container compromise
Gain expert skills in analyzing container weaknesses, attacking containers, and defending containers through various tools and tactics
Learn to monitor containers for detecting anomalies and responding to threats
Gain the ability to apply practical container security skills in real-world container deployments

Course content

Chapter 1: Introduction to Containers


What is a container?
Basics of a container and its challenges
Container vs. Virtualization



Container Advantages
Container Disadvantages




Container fundamentals



Namespaces
Cgroup
Capabilities




Docker architecture and its components



Docker CLI
Docker Engine (Daemon, API)
Docker Runtime (containerd, shim, runc)




Interacting with container ecosystem



Docker images and image layers
Build Container images using Dockerfile
Docker image repository
Running a container




Managing / Orchestrating multiple containers



Using CLI/API to manage multiple containers
Docker Compose
Docker Swarm
Kubernetes




Docker alternatives



Podman
CRI-O




Hands-on Exercises:

Working With Docker Command
Docker Networking
Manage Data in Docker
Create Docker Image using Dockerfile
Writing Dockerfile
How To Use Container Registry
Learn Docker Compose
Working With Docker SDK
Creating Container Snapshots



Chapter 2: Container Reconnaissance


Overview of Container Security
Attack surface of the container ecosystem
Identifying the components and their security state



Get an inventory of containers

Docker Images
Dockerfile and Environment variables
Docker volumes
Docker Networking
Ports used/Port forwarding
Docker Registries


Exhaustive review of Namespaces, cgroups and capabilities




Analysis of the attack surface



Using native tools
Using third-party tools




Hands-on Exercises:

Using Built-in Docker Tools for Reconnaissance
Use Third-party Tools for Image Inspection
Scanning the Remote Host for Unauthenticated Docker API Access
Identify a Container and Extract Sensitive Information
Create and Restore a Snapshot of the Container for Further Analysis



Chapter 3: Attacking Containers and Containerized Apps

Note: Every topic/subtopic has an exercise in this module

Containers Attack Matrix
Image-based attacks



Malicious Images
Extracting passwords, tokens, TLS certs, etc.
Exploiting vulnerable components




Registry-based attacks



Insecure Docker registries
Open Docker registries
Lack of authorization (RBAC)




Container-based attacks



Manipulating the Privileged mode containers
Attacking mounted docker volumes
Abusing SetUID/SetGID binaries
Exploiting shared namespaces
Attacking Linux capabilities




Docker host (Daemon) / kernel attacks



Exploiting unauthenticated Docker API
Insecure Docker endpoint
Lack of network segregation
Denial of service attacks
Kernel exploits




Privilege escalation methods in Docker

Security misconfigurations

Attacking management tools (Portainer)
Exploiting OWASP Top 10 issues in containerized apps




Hands-on Exercises:

Backdooring Docker Image
Inspecting Docker Daemon Activity
Malicious Container Image
Exploiting Containerized Apps
Unsecured Docker Daemon
Docker Exploitation using deepce
Attacking Misconfigured Docker Registry



Chapter 4: Defending Containers and Containerized Apps on Scale


Container image security



Building secure container images

Choosing base images
Distroless images
Scratch images


Security Linting of Dockerfiles
Static Analysis (SCA) of container images
Scan for vulnerabilities in container

Choosing the right container scanner tool for your needs






Docker Daemon security configurations



Docker user remapping
Docker runtime security (gVisor, Kata)
Docker socket configuration

fd
TCP socket
TLS authentication


Dynamic Analysis of the container hosts and daemons




Docker host security configurations



Kernel Hardening using Seccomp and AppArmor
Custom policy creation using Seccomp and AppArmor




Network Security in containers



Segregating networks




Misc Docker Security Configurations



Content Trust and Integrity checks




Docker Registry security configurations



Private vs. Public Registries
Authentication and Authorization (RBAC)
Built-in Image scanning capabilities
Policy enforcement
DevOps CI/CD Integration




Docker Tools, Techniques and Tactics



Tools

Dive (Forensic)
Dockle


Techniques
Tactics




Hands-on Exercises:

Static Analysis using Hadolint
Scanning Docker for Vulnerabilities With Trivy
Embedding Trivy Scanning in GitLab CI
Build a Secure, Miniature Image With Distroless To Minimize Attack Footprint
Minimize Docker Security Misconfigurations With CIS Compliance
Securing Container Images by Default Using Harbor
Signing Container Images for Trust



Chapter 5: Security Monitoring of Containers


Monitoring Docker events, logs
Incident response in containers
Docker runtime prevention
Policy creation, enforcement, and management
Docker security monitoring using Wazuh
Hands-on Exercises:

Auditing Docker using AuditD
Sysdig Falco – Runtime Protection and Monitoring
Tracee – Runtime Security
Certificate: On request.