CloudNativeSecurityCon North America 2024

In this tutorial we will cover how to get started with tetragon. Show how to use the tetra cli to filter and examine interesting events at runtime and shore up our ship against boarders! Come prepared to this tutorial with a laptop. We will be using instruqt to explore!

Zero Trust principles represent a departure for how systems traditionally communicate with each other. Instead of long-lived credentials, access is granted based on caller identity to enable elevated security controls. Most public cloud providers and hosted solutions support assigning identities to workloads and has been enabled in many applications and frameworks. However, many end users are unaware of the baseline fundamental concepts. In this interactive tutorial, attendees will dive into the world of workload identity management, their components, how identities are generated, and where they can be used. By leveraging SPIFFE and SPIRE, CNCF projects providing tools for establishing trust between systems, we'll showcase how workload identities can be used beyond the Public Cloud to secure applications and systems in any environment. Upon completion, participants will have the knowledge, skills, and real world examples to implement these patterns in their own environments.

Everyone likes consistent security rules, as long as they are your own rules. But keeping dozens or hundreds of repos consistent is no easy task. Minder, an open source supply chain security platform, allows you to write your own rules for what “good” looks like, and then apply them consistently to your GitHub configuration, source code, Actions, and Images. In this tutorial, you’ll learn how to write your own Rego rules for Minder, and apply them across multiple repositories. No more spreadsheets and shell scripts for keeping your supply chain secure.

Istio provides out-of-the-box network security tools- from mutual TLS (mTLS) encryption to powerful AuthorizationPolicies for access control. However, misconfigurations can expose vulnerabilities, compromising the security of the entire mesh. The new Ambient mode in Istio removes the need for sidecars but requires new considerations when configuring access control at different network layers. The tutorial will provide Kubernetes clusters with Istio installed and some vulnerabilities ready for you to exploit and learn from. After an introduction to Istio, we will provide time for participants to find and exploit the Istio misconfigurations (with hints if you get stuck!). We will wrap up the tutorial by walking through the steps to find the flag hidden on the cluster. This is a beginner-friendly, hands-on, collaborative tutorial to learn the importance of correctly configuring Istio security policies and what can go wrong if misconfiguration slips through the cracks.