Certified Container Security Expert (CCSE)

Linux containers give developers and IT operations a portable, lightweight, and self-sufficient environment for every application. Securing those containerized environments, however, is a significant concern for DevSecOps teams.

The Container Security Expert course provides the tools, techniques, and tactics to audit, secure, and monitor containers in production environments.

Container Security Expert is the training program for professionals tasked with securing container environments. You get hands-on experience working with live containers in our lab, gaining insights that will prepare you to secure a containerized platform in any environment.

In addition, you will learn, step by step, how to manage every aspect of container security.

You will start with container basics, the core components of container technology, and the ways to interact with a container. Once you have the fundamentals, you will gain hands-on experience with a series of realistic attack scenarios such as privilege escalation, container breakouts, and security misconfigurations.

Finally, you will work through the course's 50+ labs until you can confidently detect and remediate advanced security issues in Linux containers, both on-premises and in the cloud.

Prerequisites

  1. Course participants should be able to run basic Linux commands such as ls, cd, and mkdir.

Learning Objectives

After the training, you will be able to:

  1. Build the solid foundations required to understand the container security landscape
  2. Embed security while creating and building container images, and secure running containers
  3. Limit the blast radius in case of a container compromise
  4. Analyze container weaknesses, attack containers, and defend them using a range of tools and tactics
  5. Monitor containers to detect anomalies and respond to threats
  6. Apply practical container security skills in real-world container deployments

Module 1: Introduction to Containers

  1. What is a container?
  2. Basics of a container and its challenges
  3. Container vs. Virtualization
    1. Container Advantages
    2. Container Disadvantages
  4. Container fundamentals
    1. Namespaces
    2. cgroups
    3. Capabilities
  5. Docker architecture and its components
    1. Docker CLI
    2. Docker Engine (Daemon, API)
    3. Docker Runtime (containerd, shim, runc)
  6. Interacting with container ecosystem
    1. Docker images and image layers
    2. Build Container images using Dockerfile
    3. Docker image repository
    4. Running a container
    5. Storing data in a container (mounts, volumes, etc.)
    6. Networking in containers
  7. Managing / Orchestrating multiple containers
    1. Using CLI/API to manage multiple containers
    2. Docker Compose
    3. Kubernetes
    4. Nomad
  8. Docker alternatives (Podman, rkt)
  9. Hands-on Exercises:
    1. Learn Docker commands
    2. Create Docker Image using Dockerfile
    3. Networking in Docker
    4. Learn how to work with data in a container
    5. How to use container registry
    6. Writing the Dockerfile
    7. Learn Docker Compose

Module 2: Container Reconnaissance

  1. Overview of Container Security
  2. Attack surface of the container ecosystem
  3. Analysis of the attack surface
    1. Using native tools
    2. Using third-party tools
  4. Identifying the components and their security state
    1. Get an inventory of containers
      1. Environment variables
      2. Docker volumes
      3. Networking
      4. Ports used/Port forwarding
    2. Capabilities and namespaces in Docker
  5. Hands-on Exercises:
    1. Scanning the remote host for unauthenticated Docker API access
    2. Identify a container and extract sensitive information
    3. Identify misconfigurations in namespace, capabilities, and networking
    4. Create and restore a snapshot (tar) of a container for further analysis
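
The first three exercises above (find an unauthenticated Docker API, pull sensitive data out of a container, spot namespace, capability and mount misconfigurations) can be scripted against the Engine API once it answers on a TCP port. The helper below is an added example, not course material: it works on the JSON that GET /version, GET /containers/json and GET /containers/{id}/json return, and the inspect document at the bottom is constructed for illustration, not captured from a real host. The list of secret-looking variable names and of dangerous host paths is an assumed triage heuristic.

```python
"""Triage helpers for an exposed Docker Engine API (added example).

Pure functions operate on parsed API JSON so they can be unit tested;
probe_host() is the only part that touches the network.
"""
import http.client
import json
import re

# Env var names that usually hold credentials (assumed heuristic list).
SECRET_NAME_RE = re.compile(r"(PASS|PASSWORD|SECRET|TOKEN|API_KEY|APIKEY|PRIVATE_KEY)", re.I)

# Host paths that hand a container control of the host when bind-mounted.
DANGEROUS_MOUNT_SOURCES = ("/", "/var/run/docker.sock", "/run/docker.sock", "/etc", "/proc", "/sys", "/dev")


def fetch_json(host, port, path, timeout=5):
    """GET a Docker API path over plain HTTP; return (status, parsed body or None)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        raw = resp.read()
    finally:
        conn.close()
    try:
        return resp.status, json.loads(raw)
    except ValueError:
        return resp.status, None


def is_unauthenticated_docker_api(status, version_body):
    """True when GET /version answered 200 with the daemon's version document."""
    return status == 200 and isinstance(version_body, dict) and "ApiVersion" in version_body


def sensitive_env(inspect_doc):
    """NAME=value entries from Config.Env whose name looks like a secret."""
    env = (inspect_doc.get("Config") or {}).get("Env") or []
    return [e for e in env if SECRET_NAME_RE.search(e.split("=", 1)[0])]


def dangerous_mounts(inspect_doc):
    """Bind mounts whose host source gives control over the host."""
    found = []
    for m in inspect_doc.get("Mounts") or []:
        src = m.get("Source", "")
        hit = any(src == d or (d != "/" and src.startswith(d + "/")) for d in DANGEROUS_MOUNT_SOURCES)
        if m.get("Type") == "bind" and hit:
            found.append(f"{src} -> {m.get('Destination')}" + (" (rw)" if m.get("RW") else " (ro)"))
    return found


def triage_container(inspect_doc):
    """Summarise the misconfigurations visible in one inspect document."""
    hc = inspect_doc.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: true (all capabilities, host devices, no seccomp/AppArmor)")
    if hc.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    if hc.get("NetworkMode") == "host":
        findings.append("shares the host network namespace")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"added capability {cap}")
    for m in dangerous_mounts(inspect_doc):
        findings.append(f"dangerous bind mount {m}")
    for e in sensitive_env(inspect_doc):
        findings.append(f"secret in environment: {e.split('=', 1)[0]}=<redacted>")
    return findings


def probe_host(host, port=2375):
    """Live probe: confirm the API is open, then triage every container (all=1)."""
    status, version = fetch_json(host, port, "/version")
    if not is_unauthenticated_docker_api(status, version):
        return None
    report = {"docker_version": version.get("Version")}
    _, containers = fetch_json(host, port, "/containers/json?all=1")
    for c in containers or []:
        _, doc = fetch_json(host, port, f"/containers/{c['Id']}/json")
        report[c.get("Names", [c["Id"]])[0]] = triage_container(doc or {})
    return report


# Constructed sample of GET /containers/<id>/json (fields trimmed), not a real capture.
SAMPLE_INSPECT = {
    "Id": "0123abcd",
    "Name": "/ci-runner",
    "Config": {"Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2", "AWS_SECRET_ACCESS_KEY=abc"]},
    "HostConfig": {"Privileged": False, "PidMode": "host", "NetworkMode": "bridge", "CapAdd": ["SYS_PTRACE"]},
    "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True}],
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:  # python3 triage.py <host> probes a live daemon on :2375
        print(json.dumps(probe_host(sys.argv[1]), indent=2))
    else:
        for finding in triage_container(SAMPLE_INSPECT):
            print(finding)
```

A 200 on /version from an unauthenticated TCP listener is the whole finding: the Engine API has no authorization layer of its own, so anyone who can reach it can start a privileged container with the host filesystem mounted.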

Module 3: Attacking Containers and Containerized Apps

Note: every topic and sub-topic in this module has an exercise.

  1. Image-based attacks
    1. Malicious Images
    2. Extracting passwords, tokens, TLS certificates, etc.
    3. Exploiting vulnerable components
  2. Registry-based attacks
    1. Insecure Docker registries
    2. Open Docker registries
    3. Lack of authorization (RBAC)
  3. Container-based attacks
    1. Abusing privileged-mode containers
    2. Attacking mounted Docker volumes
    3. Abusing SetUID/SetGID binaries
    4. Exploiting shared namespaces
    5. Attacking Linux capabilities
  4. Docker host (Daemon) / kernel attacks
    1. Exploiting unauthenticated Docker API
    2. Insecure Docker endpoint
    3. Lack of network segregation
    4. Denial of service attacks
    5. Kernel exploits
  5. Privilege escalation methods in Docker
  6. Security misconfigurations
    1. Attacking management tools (Portainer)
    2. Exploiting OWASP Top 10 issues in containerized apps
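
The first thing to establish from inside a container, for "Attacking Linux capabilities" and "Privilege escalation methods" above, is which capabilities the process actually holds: CapEff in /proc/self/status is a hex bitmask, and reading it correctly tells you whether you are looking at Docker's default set, a --cap-add, or --privileged. The decoder below is an added example, not course material. Bit numbers follow the kernel's capability header; Docker's default 14-capability set and the "escape" triage list are stated as assumptions, and the /proc/self/status excerpt is constructed.

```python
"""Decode Cap* masks from /proc/<pid>/status and flag escape capabilities (added example)."""
import re

# Index == capability number in include/uapi/linux/capability.h (0..40).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER", "CAP_FSETID",
    "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE",
    "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST", "CAP_NET_ADMIN", "CAP_NET_RAW",
    "CAP_IPC_LOCK", "CAP_IPC_OWNER", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT",
    "CAP_SYS_PTRACE", "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD", "CAP_LEASE",
    "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP", "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN",
    "CAP_SYSLOG", "CAP_WAKE_ALARM", "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON",
    "CAP_BPF", "CAP_CHECKPOINT_RESTORE",
]

# Docker's default capability set (assumed; CapEff 00000000a80425fb).
DOCKER_DEFAULT_CAPS = frozenset({
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER", "CAP_MKNOD", "CAP_NET_RAW",
    "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP", "CAP_SETPCAP", "CAP_NET_BIND_SERVICE",
    "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE",
})

# Capabilities that commonly turn into a breakout (assumed triage set).
ESCAPE_CAPS = {
    "CAP_SYS_ADMIN": "mount(), cgroup release_agent, most host-level knobs",
    "CAP_SYS_PTRACE": "attach to host processes when the PID namespace is shared",
    "CAP_SYS_MODULE": "load a kernel module into the shared host kernel",
    "CAP_DAC_READ_SEARCH": "open_by_handle_at() reads any host file (Shocker)",
    "CAP_SYS_RAWIO": "raw access to host block devices and I/O ports",
    "CAP_NET_ADMIN": "reconfigure host networking when the net namespace is shared",
    "CAP_BPF": "load eBPF programs into the host kernel",
    "CAP_SYS_BOOT": "reboot the host",
}


def decode_caps(hex_mask):
    """Turn a CapEff/CapPrm/CapBnd hex mask into the set of capability names."""
    mask = int(hex_mask, 16)
    caps = {name for bit, name in enumerate(CAP_NAMES) if mask & (1 << bit)}
    unknown = mask >> len(CAP_NAMES)  # bits newer than this table
    if unknown:
        caps.add(f"UNKNOWN_BITS_0x{unknown:x}")
    return caps


def parse_proc_status(text):
    """Extract every Cap* line from the text of /proc/<pid>/status."""
    return dict(re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", text, re.M))


def triage(hex_mask):
    """Return (caps beyond Docker's default, escape caps present), both sorted."""
    caps = decode_caps(hex_mask)
    extra = sorted(caps - DOCKER_DEFAULT_CAPS)
    escape = sorted(c for c in caps if c in ESCAPE_CAPS)
    return extra, escape


# Constructed /proc/self/status excerpt: Docker defaults plus --cap-add SYS_PTRACE.
SAMPLE_STATUS = """Name:\tsh
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t00000000a80c25fb
CapEff:\t00000000a80c25fb
CapBnd:\t00000000a80c25fb
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    try:
        status_text = open("/proc/self/status").read()  # inside a container
    except OSError:
        status_text = SAMPLE_STATUS
    masks = parse_proc_status(status_text)
    extra, escape = triage(masks["CapEff"])
    print("beyond Docker default:", extra or "none")
    for cap in escape:
        print(f"ESCAPE {cap}: {ESCAPE_CAPS[cap]}")
```

Compare CapEff with CapBnd as well: a process can drop capabilities from its effective set while the bounding set still allows a setuid binary to regain them, which is exactly the gap that the "Abusing SetUID/SetGID binaries" topic exploits.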

Module 4: Defending Containers and Containerized Apps at Scale

  1. Container image security
    1. Building secure container images
      1. Choosing base images
      2. Distroless images
      3. Scratch images
    2. Security Linting of Dockerfiles
    3. Static Analysis of container images
    4. Static analysis libraries for containers
  2. Docker host security configurations
    1. Kernel-level hardening using seccomp and AppArmor
    2. Custom seccomp and AppArmor policy creation
  3. Docker Daemon security configurations
    1. Docker user namespace remapping (userns-remap)
    2. Sandboxed container runtimes (gVisor, Kata Containers)
    3. Docker socket configuration 
      1. fd:// (systemd socket activation)
      2. TCP socket
      3. TLS authentication
    4. Dynamic Analysis of the container hosts and daemons
  4. Network Security in containers
    1. Segregating networks
  5. Misc Docker Security Configurations
    1. Content Trust and Integrity checks
  6. Docker Registry security configurations
    1. Internal vs. Public Registries
    2. Authentication and Authorization (RBAC)
    3. Image scanning
    4. Policy enforcement
    5. DevOps CI/CD Integration
  7. Docker Tools, Techniques and Tactics
    1. Tools
      1. Dive
      2. Dockle
    2. Techniques
    3. Tactics
  8. Hands-on Exercises:
    1. Minimize security misconfigurations in Docker with CIS
    2. Build a minimal, secure image to reduce the footprint
    3. Build a distroless image to reduce the footprint
    4. Docker Content Trust with Notary
    5. Securing the container by default using Harbor
    6. Scanning Docker for vulnerabilities with Trivy
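
Most of the daemon-side topics above (user remapping, socket and TLS configuration, network segregation, and the CIS-style hardening exercise) end up as keys in /etc/docker/daemon.json, so a small audit script makes the weak and hardened states concrete. The script below is an added example, not course material and not an implementation of the CIS Docker Benchmark; the keys are documented dockerd daemon.json options, but the severities, the file paths, the 10.0.0.5 management address and the two sample configurations are assumptions made for illustration.

```python
"""Audit a Docker daemon.json for the daemon-hardening settings of Module 4 (added example)."""
import json

# Constructed example of a weak configuration: the API on an unauthenticated
# TCP port, a plaintext registry, and seccomp switched off for every container.
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "insecure-registries": ["registry.internal:5000"],
  "seccomp-profile": "unconfined"
}"""

# Constructed example of the corrected configuration (paths and address assumed).
HARDENED_DAEMON_JSON = """{
  "hosts": ["fd://", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem",
  "userns-remap": "default",
  "no-new-privileges": true,
  "icc": false,
  "live-restore": true,
  "userland-proxy": false,
  "seccomp-profile": "/etc/docker/seccomp-custom.json"
}"""


def audit_daemon_config(cfg):
    """Return a list of (severity, finding) tuples for a parsed daemon.json dict."""
    findings = []
    hosts = cfg.get("hosts", [])
    tcp_hosts = [h for h in hosts if h.startswith("tcp://")]
    if tcp_hosts and not cfg.get("tlsverify"):
        findings.append(("CRITICAL", f"TCP listener {tcp_hosts} without tlsverify: anyone who reaches it is root on the host"))
    for h in tcp_hosts:
        if "0.0.0.0" in h or "[::]" in h:
            findings.append(("HIGH", f"{h} listens on all interfaces; bind it to a management address"))
    if cfg.get("tlsverify"):
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(("HIGH", f"tlsverify is set but {key} is not configured"))
    if cfg.get("seccomp-profile") == "unconfined":
        findings.append(("CRITICAL", "seccomp-profile unconfined: every syscall is reachable from containers"))
    if cfg.get("insecure-registries"):
        findings.append(("HIGH", f"insecure-registries {cfg['insecure-registries']}: plaintext, unverified image pulls"))
    if "userns-remap" not in cfg:
        findings.append(("MEDIUM", "userns-remap not set: root in a container is uid 0 on the host"))
    if cfg.get("no-new-privileges") is not True:
        findings.append(("MEDIUM", "no-new-privileges not enabled: setuid binaries in containers can still gain privileges"))
    if cfg.get("icc") is not False:
        findings.append(("MEDIUM", "icc not disabled: containers on the default bridge can reach each other"))
    if cfg.get("live-restore") is not True:
        findings.append(("LOW", "live-restore not set: a daemon restart stops every container"))
    if cfg.get("userland-proxy") is not False:
        findings.append(("LOW", "userland-proxy enabled: one docker-proxy process per published port"))
    return findings


def audit_json_text(text):
    """Parse daemon.json text and audit it."""
    return audit_daemon_config(json.loads(text))


def audit_file(path):
    """Audit an on-disk daemon.json, e.g. /etc/docker/daemon.json."""
    with open(path) as fh:
        return audit_json_text(fh.read())


if __name__ == "__main__":
    import sys
    results = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_json_text(WEAK_DAEMON_JSON)
    for severity, message in results:
        print(f"[{severity}] {message}")
```

Note that the hardened file still exposes a TCP listener; the point is that it is bound to one address and requires a client certificate signed by the configured CA. If no remote management is needed, dropping the tcp:// entry altogether is the better fix, and the audit passes either way.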

Module 5: Security Monitoring of Containers

  1. Monitoring and incident response in containers
  2. Docker events
  3. Docker logs
  4. Docker runtime prevention
  5. Security monitoring using Wazuh
  6. Policy creation, enforcement, and management
  7. Hands-on Exercises:
    1. Anchore Engine – Policy creation and enforcement
    2. VMware Harbor – Securing Docker images with Harbor
    3. Sysdig Falco – Runtime protection and monitoring
    4. Tracee – Runtime security

Practical DevSecOps Certification Process

  1. After completing the course, you can schedule the CCSE exam on your preferred date.
  2. Process of achieving Practical DevSecOps CCSE Certification can be found here.

Ready to learn DevSecOps?

Get in touch, or Register now!