Pentesting DevOps: Attacking Containers and Container Orchestration

Monolithic applications are a thing of the past but our job as security professionals is to review them from a security perspective. This talk will review container technologies (e.g. Docker, LXC) as well as container orchestration technologies (e.g. Kubernetes, Marathon). We will cover new container-centric OS's like CoreOS and what security implications exist for each. What is their threat model? What does a "pen test" against these technologies really mean? We'll include real-world exploit scenarios we've seen in client environments.

Presented by