Certified Container Security Expert CCSE
Container Security Expert is the training program for professionals tasked with securing the container environment. The course allows you to get hands-on experience as you work with live containers in our lab, gaining significant insights that will arm you to secure a containerized platform in any environment.
After the training, you will be able to:
- Build the solid foundations required to understand the container security landscape
- Embed security while creating, building container images, and securing running containers
- Gain knowledge in limiting the blast radius in case of a container compromise
- Gain expert skills in analyzing container weaknesses, attacking containers, and defending containers through various tools and tactics
- Apply practical container security skills in real-world container deployments


- Self-paced Learning Mode
- Browser-based Lab Access
- 24/7 Instructor Support via Mattermost

Prerequisites
- Course participants should have knowledge of running basic Linux commands like ls, cd, mkdir, etc.

Module 1: Introduction to Containers
- What is a container?
- Basics of a container and its challenges
- Container vs. Virtualization
- Container Advantages
- Container Disadvantages
- Container fundamentals
- Namespaces
- Cgroup
- Capabilities
- Docker architecture and its components
- Docker CLI
- Docker Engine (Daemon, API)
- Docker Runtime (containerd, shim, runc)
- Interacting with container ecosystem
- Docker images and image layers
- Build Container images using Dockerfile
- Docker image repository
- Running a container
- Storing data in a container (mounts, volumes, etc.)
- Networking in containers
- Managing / Orchestrating multiple containers
- Using CLI/API to manage multiple containers
- Docker Compose
- Kubernetes
- Nomad
- Docker alternatives (Podman, rkt)
- Hands-on Exercises:
- Learn Docker commands
- Create Docker Image using Dockerfile
- Networking in Docker
- Learn how to work with data in a container
- How to use container registry
- Writing the Dockerfile
- Learn Docker Compose

Module 2: Container Reconnaissance
- Overview of Container Security
- Attack surface of the container ecosystem
- Analysis of the attack surface
- Using native tools
- Using third-party tools
- Identifying the components and their security state
- Get an inventory of containers
- Environment variables
- Docker volumes
- Networking
- Ports used/Port forwarding
- Capabilities and namespaces in Docker
- Hands-on Exercises:
- Scanning the remote host for unauthenticated Docker API access
- Identify a container and extract sensitive information
- Identify misconfigurations in namespace, capabilities, and networking
- Create and restore a snapshot(tar) of the container for further analysis

Module 3: Attacking Containers and Containerized Apps
Note: Every topic/subtopic has an exercise in this module
- Image-based attacks
- Malicious Images
- Extracting passwords, tokens, TLS certs, etc.
- Exploiting vulnerable components
- Registry-based attacks
- Insecure Docker registries
- Open Docker registries
- Lack of authorization (RBAC)
- Container-based attacks
- Manipulating privileged mode containers
- Attacking mounted docker volumes
- Abusing SetUID/SetGID binaries
- Exploiting shared namespaces
- Attacking Linux capabilities
- Docker host (Daemon) / kernel attacks
- Exploiting unauthenticated Docker API
- Insecure Docker endpoint
- Lack of network segregation
- Denial of service attacks
- Kernel exploits
- Privilege escalation methods in Docker
- Security misconfigurations
- Attacking management tools (Portainer)
- Exploiting OWASP Top 10 issues in containerized apps

Module 4: Defending Containers and Containerized Apps on Scale
- Container image security
- Building secure container images
- Choosing base images
- Distroless images
- Scratch images
- Security Linting of Dockerfiles
- Static Analysis of container images
- Static Analysis library for container
- Docker host security configurations
- Kernel Hardening using SecComp and AppArmor
- Custom policy creation using SecComp and AppArmor
- Docker Daemon security configurations
- Docker user remapping
- Docker runtime security (gVisor, Kata)
- Docker socket configuration
- fd
- TCP socket
- TLS authentication
- Dynamic Analysis of the container hosts and daemons
- Network Security in containers
- Segregating networks
- Misc Docker Security Configurations
- Content Trust and Integrity checks
- Docker Registry security configurations
- Internal vs. Public Registries
- Authentication and Authorization (RBAC)
- Image scanning
- Policy enforcement
- DevOps CI/CD Integration
- Docker Tools, Techniques and Tactics
- Tools
- Dive
- Dockle
- Techniques
- Tactics
- Hands-on Exercises:
- Minimize security misconfigurations in Docker with CIS
- Build a secure, minimal image to minimize the footprint
- Build a distroless image to reduce the footprint
- Docker Content Trust with Notary
- Securing the container by default using Harbor
- Scanning Docker for vulnerabilities with Trivy

Module 5: Security Monitoring of Containers
- Monitoring and incident response in containers
- Docker events
- Docker logs
- Docker runtime prevention
- Security monitoring using Wazuh
- Policy creation, enforcement, and management
- Hands-on Exercises:
- Anchore Engine – Policy creation and enforcement
- VMware Harbor – Securing Docker image with Harbor
- Sysdig Falco – Runtime protection and monitoring
- Tracee – Runtime security

Practical DevSecOps Certification Process
- After completing the course, you can schedule the CCSE exam on your preferred date.
- The process of achieving the Practical DevSecOps CCSE Certification can be found here.