🦝 Interactive Playground to Learn Kubernetes and Cloud Native Security

The presentation discusses the importance of understanding technology to solve security problems and the usefulness of the Kubernetes Goat project in learning and practicing Kubernetes security.

• There is a significant gap in knowledge in the security industry and the modern ecosystem due to the constant emergence of new tools and technologies.
• Understanding technology is crucial in solving security problems.
• The maturity model of a tool should be considered from a security point of view.
• The Kubernetes Goat project is a useful tool for learning and practicing Kubernetes security.
• The project has fantastic documentation and provides step-by-step guidance on various attack scenarios.
• The project also has examples of real-world attacks and solutions.
• The project has received feedback from the community and has a Discord channel for support.

Microsoft uses Kubernetes Goat to test if their defender is working in detecting attacks in Microsoft Azure Cloud. The project has also been adopted by security vendors.

Kubernetes Goat is a "vulnerable by design" Kubernetes Cluster environment to practice and learn about Kubernetes Security. In this session, Madhu Akula will present the latest version of the Kubernetes Goat by exploring different vulnerabilities in Kubernetes Cluster and Containerized environments. Also, he demonstrates the real-world vulnerabilities and maps the Kubernetes Goat scenarios with them.We see a ton of newly added vulnerabilities, CVEs, and mapping with some open source security tools to perform from writing developer code to deploying into production security using different layers like Infrastructure security, Supply chain security, and Runtime security. The newly added scenarios and documentation guide releases help even developers, DevOps teams, and security vendors to showcase and learn about security from attackers' perspectives.