Akash Mahajan

Director at Appsecco Ltd.

Workshop Title

Security Testing of Docker Containers and Applications

Abstract

Docker has taken the developer world by storm and is poised to transform how the majority of applications are built, deployed and operated. The application security world has yet to fully come to grips with what docker containers are and how one goes about testing the infrastructure around them and the applications that they host.

This workshop is a technical introduction to get security folks started with assessment and testing of docker containers and the applications hosted inside them. We will take a completely hands-on approach where attendees will be given a VM they will use to learn the topic.

The main points that we plan to cover in the workshop are:

  • How to do recon of a docker container cluster
  • How to do a white-box assessment using tools like CLAIR
  • What if we find issues such as LFI, RFI, Command Injection in the app running inside the docker container
  • Running scanning tools and docker-bench-scripts to harden things

The way the workshop is meant to be:

  • Distribution of the Virtual Machine, already configured with docker engine and a bunch of docker containers with vulnerable applications
  • Step by step instructions to teach the above mentioned points
  • Discussion around securing the host for docker containers using the CIS Benchmark document

Speaker Bio

An accomplished security professional with over a decade’s experience of providing specialist application and infrastructure consulting services at the highest levels to companies, governments and organisations around the world. Deep experience of working with clients to provide cutting edge security insight that truly reflects the commercial and operational needs of the organisation from strategic advice to testing and analysis to incident response and recovery.

An active participant in the international security community and conference speaker, both individually, as chapter lead of the Bangalore chapter of OWASP, the global organisation responsible for defining the standards for web application security, and as a co-founder of null, India’s largest open security community. Akash is Director of Appsecco, a multi-national company focused on Application Security.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved