Knative - The Security Platypus? - Ariel Shuper, Aqua Security

less than 1 minute read

Abstract

Knative provides a way to extend Kubernetes to run serverless workloads. Although it runs as pods, given the nature of those workloads it requires an approach to security that is distinct from standard Kubernetes security practices. As 18th century explorers were wondering when they first encountered the platypus, is it a duck? an otter? or something else?In this talk Ariel reviews the serverless threat landscape, which is quite differentiated from the container equivalent, using examples of how coding mistakes may expose applications despite the extremely ephemeral workloads.This talk will show how combining preventative methods and more “offensive” methods such as tripwires can provide much better visibility and reduce the risk of Knative workloads being used as attack vehicles to reach other areas of the cluster or application.Finally, the platypus question will be resolved.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Knative - The Security Platypus? - Ariel Shuper, Aqua Security

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google