Certified Container Security Expert (CCSE)TM
Container Security Expert is the training program for professionals tasked with securing the container environment. The course allows you to get hands-on experience as you work with live containers in our lab, gaining significant insights that will arm you to secure a containerized platform in any environment.
After the training, you will be able to:
- Building solid foundations that are required to understand the container security landscape
- Embedding security while creating, building container
images, and securing running containers - Gaining knowledge in limiting the blast radius in case of a container compromise
- Gaining expert skills in analyzing container weaknesses, attacking containers, and defending containers through various tools and tactics
- Gaining abilities to apply practical container security skills in real-world container deployments
Check Out Reviews
-
Self-paced Learning Mode
-
Browser-based Lab Access
-
24/7 Instructor Support via Mattermost
Prerequisites
- Course participants should have knowledge of running basic Linux commands like ls, cd, mkdir, etc.,
Chapter 1: Introduction to Containers
- What is a container?
- Basics of a container and its challenges
- Container vs. Virtualization
-
- Container Advantages
- Container Disadvantages
-
- Container fundamentals
-
- Namespaces
- Cgroup
- Capabilities
-
- Docker architecture and its components
-
- Docker CLI
- Docker Engine (Daemon, API)
- Docker Runtime (containerd, shim, runc)
-
- Interacting with container ecosystem
-
- Docker images and image layers
- Build Container images using Dockerfile
- Docker image repository
- Running a container
-
- Managing / Orchestrating multiple containers
-
- Using CLI/API to manage multiple containers
- Docker Compose
- Docker Swarm
- Kubernetes
-
- Docker alternatives
-
- Podman
- CRI-O
-
- Hands-on Exercises:
- Working With Docker Command
- Docker Networking
- Manage Data in Docker
- Create Docker Image using Dockerfile
- Writing Dockerfile
- How To Use Container Registry
- Learn Docker Compose
- Working With Docker SDK
- Creating Container Snapshots
Chapter 2: Container Reconnaissance
- Overview of Container Security
- Attack surface of the container ecosystem
- Identifying the components and their security state
-
- Get an inventory of containers
- Docker Images
- Dockerfile and Environment variables
- Docker volumes
- Docker Networking
- Ports used/Port forwarding
- Docker Registries
- Exhaustive review of Namespaces, cgroups and capabilities
- Get an inventory of containers
-
- Analysis of the attack surface
-
- Using native tools
- Using third-party tools
-
- Hands-on Exercises:
- Using Built-in Docker Tools for Reconnaissance
- Use Third-party Tools for Image Inspection
- Scanning the Remote Host for Unauthenticated Docker API Access
- Identify a Container and Extract Sensitive Information
- Create and Restore a Snapshot of the Container for Further Analysis
Chapter 3: Attacking Containers and Containerized Apps
Note: Every topic/sub topic has an exercise in this module
- Containers Attack Matrix
- Image-based attacks
-
- Malicious Images
- Extracting passwords, tokens, TLS certs, etc.
- Exploiting vulnerable components
-
- Registry-based attacks
-
- Insecure Docker registries
- Open Docker registries
- Lack of authorization (RBAC)
-
- Container-based attacks
-
- Manipulating the Privileged mode containers
- Attacking mounted docker volumes
- Abusing SetUID/SetGID binaries
- Exploiting shared namespaces
- Attacking Linux capabilities
-
- Docker host (Daemon) / kernel attacks
-
- Exploiting unauthenticated Docker API
- Insecure Docker endpoint
- Lack of network segregation
- Denial of service attacks
- Kernel exploits
-
- Privilege escalation methods in Docker
- Security misconfigurations
- Attacking management tools (Portainer)
- Exploiting OWASP Top 10 issues in containerized apps
- Security misconfigurations
- Hands-on Exercises:
- Backdooring Docker Image
- Inspecting Docker Daemon Activity
- Malicious Container Image
- Exploiting Containerized Apps
- Unsecured Docker Daemon
- Docker Exploitation using deepce
- Attacking Misconfigured Docker Registry
Chapter 4: Defending Containers and Containerized Apps on Scale
- Container image security
-
- Building secure container images
- Choosing base images
- Distroless images
- Scratch images
- Security Linting of Dockerfiles
- Static Analysis(SCA) of container images
- Scan for vulnerabilities in container
- Choosing the right container scanner tool for your needs
- Building secure container images
-
- Docker Daemon security configurations
-
- Docker user remapping
- Docker runtime security (gVisor, Kata)
- Docker socket configuration
- fd
- TCP socket
- TLS authentication
- Dynamic Analysis of the container hosts and daemons
-
- Docker host security configurations
-
- Kernel Hardening using Seccomp and AppArmor
- Custom policy creation using Seccomp and AppArmor
-
- Network Security in containers
-
- Segregating networks
-
- Misc Docker Security Configurations
-
- Content Trust and Integrity checks
-
- Docker Registry security configurations
-
- Private vs. Public Registries
- Authentication and Authorization (RBAC)
- Built-in Image scanning capabilities
- Policy enforcement
- DevOps CI/CD Integration
-
- Docker Tools, Techniques and Tactics
-
- Tools
- Dive (Forensic)
- Dockle
- Techniques
- Tactics
- Tools
-
- Hands-on Exercises:
- Static Analysis using Hadolint
- Scanning Docker for Vulnerabilities With Trivy
- Embedding Trivy Scanning in GitLab CI
- Build a Secure, Miniature Image With Distroless To Minimize Attack Footprint
- Minimize Docker Security Misconfigurations With CIS Compliance
- Securing Container Images by Default Using Harbor
- Signing Container Images for Trust
Chapter 5: Security Monitoring of Containers
- Monitoring Docker events, logs
- Incident response in containers
- Docker runtime prevention
- Policy creation, enforcement, and management
- Docker security monitoring using Wazuh
- Hands-on Exercises:
- Auditing Docker using AuditD
- Sysdig Falco – Runtime Protection and Monitoring
- Tracee – Runtime Security
Practical DevSecOps Certification Process
- After completing the course, you can schedule the CCSE exam on your preferred date.
- Process of achieving Practical DevSecOps CCSE Certification can be found on the exam and certification page.