The Hacker’s Guide to Kubernetes Security by Patrycja Wegrzynowicz

Kubernetes is the most popular container orchestration platform for automated deployment, scaling, and management of containerized applications. With more and more applications running in Kubernetes, it is crucial to understand Kubernetes security risks. This talk guides you through various security risk of Kubernetes, focusing on OWASP Kubernetes Top 10 list. In live demos, you’ll find out how to exploit a range of past and present CVEs or misconfigurations in your k8s clusters, attacking containers, pods, supply chain, network, or storage. You’ll learn about common mistakes and vulnerabilities along with the best practices for hardening your Kubernetes systems. Patrycja Wegrzynowicz Patrycja is a lead engineer at Form3, Financial Cloud, working on multi-cloud connectivity and improving scalability and performance of UK payments. She is also the founder of Yon Labs, a startup focusing on automated tools for detection and refactoring of security vulnerabilities, performance anti-patterns, or cloud issues and providing consultancy in Java and cloud technologies. She is a regular speaker at software conferences, including CodeOne, JavaOne, Devoxx, JFokus, and others. She was awarded an Oracle Groundbreaker Ambassador title in 2020 and 2021. She was also named as one of Top 10 Women in Tech in Poland in 2016. Her interests focus on automated software engineering, mainly static and dynamic analysis techniques to support software verification, optimization, and deployment. ------------------------------------------------------------ INTRO * visuals & editing by @Mercator * music : Avocado by Ephixa