
Hello From the Other Side

Ian Coldwater
November 21, 2019

Attackers have user stories too. Are you designing with them in mind?

As an attacker, Ian Coldwater would like to help you understand these users and their stories. What do their mindsets, motivations and methodologies look like? What do attackers look for when they look at a Kubernetes context, what do they do when they get in there, and what can you do to help protect your clusters and code against them?

Being able to understand these perspectives can help you broaden your own. Let’s explore them together, and learn how to build stronger, more secure systems accordingly.

Transcript

  1. My name is Ian Coldwater. I’m a Lead Platform Security Engineer at Heroku, a Salesforce company. I specialize in hacking and hardening Kubernetes, containers and cloud infrastructure. @IanColdwater
  2. WHAT IS YOUR THREAT MODEL?
     • What are you trying to protect?
     • Who are you trying to protect it from?
  3. WHAT’S IN YOUR GRAPH?
     • Know what you’re running, and understand it well.
     • What connects? What crosses? Where are the rough edges?
     • What would an attacker see?
  4. GET PRACTICE
     • Capture the Flag: overthewire.org, picoctf.com, hackthebox.eu
     • goose.game
     • Play with your own systems!
  5. RESOURCES
     • Kubernetes security audit
     • attack trees
     • attackers think in graphs
     • bug bounties and black swans
     • CIS benchmarks
     • https://k8s.io/security
     • github.com/kelseyhightower/nocode - the best way to write secure and reliable applications!