2. Hello!
• 20+ years of professional experience
software engineer, architect, researcher, head of R&D
• Author and speaker
JavaOne, CodeOne, Devoxx, JFokus, JavaZone, and more
• Top 10 Women in Tech in Poland
• Oracle Groundbreaker Ambassador, Oracle ACE
• Form3, Financial Cloud
Lead SRE Engineer
• Founder at Yon Labs
Automated tools for detection and refactoring of software defects.
Performance, security, concurrency.
Intro to Patrycja
3. Form3, Financial Cloud
Business Model
• Provides a payment platform for financial institutions
• Integrates across multiple payment schemes
• Makes integration easier and quicker
Work Model
• Fully remote
• Pair programming
• Only senior engineers
Technology
• Multi-cloud platform: AWS, GCP, Azure
• Microservices: (mostly) Go and (little) Java
• Infrastructure as Code: Terraform
Why is Security Important?
4. Agenda
01 Introduction to Kubernetes Architecture
02 Introduction to OWASP Kubernetes Top 10 & MITRE ATT&CK® Threat Matrix for Kubernetes
03 Demos
04 Summary
12. Demo Fun Time – Overview
• Demo application
https://codemotion.yonlabs.com
(or check out X-Twitter: https://twitter.com/yonlabs)
register a new account
each account has secret data
log in
wait to be hacked :D
• Objective
to hack your accounts and learn your secrets
hacking 101
Let the fun begin!
13. Bad Pods: Kubernetes Pod Privilege Escalation
• https://bishopfox.com/blog/kubernetes-pod-privilege-escalation
• By: Seth Art, Principal Security Consultant
Demos
20. Bad Pods: Kubernetes Pod Privilege Escalation
• Bad Pod #1: Everything allowed
• Bad Pod #2: Privileged and hostPID
• Bad Pod #3: Privileged only
• Bad Pod #4: hostPath only
• Bad Pod #5: hostPID only
• Bad Pod #6: hostNetwork only
• Bad Pod #7: hostIPC only
• Bad Pod #8: Nothing allowed
Source: https://bishopfox.com/blog/kubernetes-pod-privilege-escalation
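As an added example (not from the slides or the Bishop Fox post), this Python check reports which of the host-level settings named in the list a Pod manifest requests and which Bad Pod number that combination matches. Reading "Everything allowed" as all five settings, the function names and the sample manifest are assumptions made for illustration.

```python
import json

# Pod-level booleans named in the Bad Pods list (Kubernetes PodSpec fields).
HOST_FLAGS = ("hostPID", "hostNetwork", "hostIPC")

# Assumed mapping from the list: the set of requested settings -> Bad Pod number.
BAD_PODS = {
    frozenset({"privileged", "hostPID", "hostPath", "hostNetwork", "hostIPC"}): 1,
    frozenset({"privileged", "hostPID"}): 2,
    frozenset({"privileged"}): 3,
    frozenset({"hostPath"}): 4,
    frozenset({"hostPID"}): 5,
    frozenset({"hostNetwork"}): 6,
    frozenset({"hostIPC"}): 7,
    frozenset(): 8,
}

def risky_settings(pod):
    """Return the sorted host-level settings a Pod manifest (as a dict) requests."""
    spec = pod.get("spec") or {}
    found = {flag for flag in HOST_FLAGS if spec.get(flag) is True}
    # hostPath is requested through a volume entry, not a boolean.
    if any("hostPath" in vol for vol in spec.get("volumes") or []):
        found.add("hostPath")
    # privileged is set per container; init and ephemeral containers count too.
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for ctr in spec.get(kind) or []:
            if (ctr.get("securityContext") or {}).get("privileged") is True:
                found.add("privileged")
    return sorted(found)

def classify(pod):
    """Return the matching Bad Pod number, or None for a mix not on the list."""
    return BAD_PODS.get(frozenset(risky_settings(pod)))

# Constructed sample manifest (JSON form of a Pod), for illustration only.
SAMPLE = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "sample"},
 "spec": {"hostPID": true,
          "containers": [{"name": "app", "image": "example.invalid/app:1",
                          "securityContext": {"privileged": true}}]}}
""")

if __name__ == "__main__":
    print(risky_settings(SAMPLE), "-> Bad Pod #%s" % classify(SAMPLE))
```

A manifest that returns anything other than 8 is requesting host access that an admission policy should have to justify; a result of `None` means several settings are combined in a way the list does not name.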