advanced search
Do you have any questions?
+420 731 175 867 (Mo-Fr: 9A.M.-5P.M.)
EN
0 Basket

Certified Cloud Native Security Expert (CCNSE)

Course code: CCNSE

The Certified Cloud-Native Security Expert (CCNSE) is a vendor-neutral cloud-native certification program in security. This Cloud-Native course covers topics in security such as Introduction to Cloud-Native Concepts and its Security, Containers, and Container Security, Introduction to Kubernetes, Hacking Kubernetes Cluster, Kubernetes Authentication and Authorization, Kubernetes Admission Controllers, Defending Kubernetes Cluster, Kubernetes Network Security, Kubernetes Data Security.

Course Inclusions:

  • Course Manual
  • Course Videos and Checklists
  • 40+ Guided Exercises
  • 60 days Online Lab Access
  • Access to a dedicated Matter channel
  • One exam attempt for Certified Cloud-Native Security Expert
940 EUR

1 137 EUR including VAT

Selection of dates
onas
Do you have a question?
+420 731 175 867 edu@edutrainings.cz

Professional
and certified lecturers

Internationally
recognized certifications

Wide range of technical
and soft skills courses

View soft skills courses

Great customer
service

Making courses
exactly to measure your needs

Course dates

Starting date: Upon request

Type: E-learning

Course duration: 60 days

Language: en

Price without VAT: 940 EUR

Register

Starting
date		 Place
Type Course
duration		 Language Price without VAT
Upon request E-learning 60 days en 940 EUR Register
G Guaranteed course

Didn't find a suitable date?

Write to us about listing an alternative tailor-made date.

Contact

Course description

Upon completion of the course, you will be able to:

  • Build a solid foundation that is required to understand the container and Kubernetes security landscape.
  • Gain the necessary skills to analyze, assess, evaluate, and secure applications; APIs and microservices; containers; and Kubernetes.
  • Gain a practical understanding of how to hack misconfigured Kubernetes workloads.
  • Learn and implement different ways of Authentication and Authorization methods used in Kubernetes.
  • Learn how different Admission controllers help apply defense in depth to regulate and audit workloads in a Kubernetes Cluster.
  • Learn, apply and practice different techniques to manage clusterwide data in a distributed setup.
  • Practice and implement a myriad of techniques to secure secrets and other sensitive data processed and consumed in a Kubernetes Cluster.
  • Experience Network security and Zero Trust in action using Network policies and Service Meshes.
  • Gain the necessary skills to Defend Kubernetes cluster from most common attacks.

Course structure

Chapter 1: Introduction to Cloud-Native Concepts and its Security

  • Course Introduction (About the course, syllabus, and how to approach it)
  • About Certification and how to approach it
  • Lab Environment
  • Lifetime course support (Mattermost)
  • Overview of the Cloud Native Technologies
  • The 4C’s of Cloud-Native Security
    • Cloud
    • Clusters
    • Containers
    • Code (SCA, SAST, DAST) – DevSecOps
  • Security and Threat Model of Cloud-Native technologies
    • Overview of Cloud Security
    • Overview of Container Security (Container Vulnerability, Supply Chain Attack, Least Privilege)
    • Overview of Kubernetes Security
    • Overview of Microservices Security
  • Hands-on Exercise: Learn how to use our browser-based lab environment

Chapter 2: Introduction to Microservices Architecture

  •  The need for microservices
  •  Monolith vs Microservices
  •  Technical and Business pros and cons of Microservices
  •  Tools of the trade
      • Source code management
      • CI/CD tools
      • Artefact management
      • Cloud Platform
      • Infrastructure as code
      • Monitoring and logging tools
      • Collaboration tools
  • REST APIs
      • What is an API
      • API Security
      • Introduction to OWASP API Top 10
        • Software Component Analysis of API
        • Static Application Security Testing of API
        • Dynamic Application Security Testing of API
  • Hands-on Exercises:
    • Working With GitLab CI/CD
    • Advanced GitLab CI/CD
    • Continuous Deployment Using GitLab

Chapter 3: Containers and Container Security

  • What is a container?
  • Container vs Virtualization
      • Container Advantages
      • Container Disadvantages
  • Docker Architecture and its components
      • Command Line Interface(CLI)
      • Engine (Daemon, API)
      • Runtime (containerd, shim, runc)
  • Basics of container technology and its challenges
  • Container fundamentals
      • Namespaces
      • Cgroup
      • Capabilities
  • Ways to interact with container ecosystem
  • Container security issues
  • Container Defenses
  • Hands-on Exercises:
    • Working With Docker Command
    • Create Docker Image Using Dockerfile
    • Malicious Container Image
    • Build a Secure, Miniature Image With Distroless To Minimize Attack Footprint
    • How To Use Container Registry
    • Attacking Misconfigured Docker Registry
    • Signing Container Images for Trust
    • Securing Container Using Seccomp
    • Exploiting Containerized Application
    • Docker Privilege Escalation

Chapter 4: Introduction to Kubernetes

  • Introduction to Kubernetes
  • Kubernetes Use Cases
  • Kubernetes Architecture (Core Components)
      • Cluster, Nodes, and Pods
      • API Server
      • Controller Manager
      • Etcd
      • kube-scheduler
      • kubelet
      • Kube-proxy
      • Container Runtime
  • Bootstrapping the Kubernetes cluster
  • Kubernetes Package Manager
      • Understanding Helm Workflow
      • Creating Helm Charts
  • Hands-on Exercises:
    • Bootstrapping the Kubernetes Cluster Using kubeadm
    • Kubernetes Basics Component
    • Working With Kubernetes
    • Kubernetes Secrets
    • Kubernetes Service Accounts
    • Kubernetes Storage
    • Kubernetes Networking Using Calico

Chapter 5: Hacking Kubernetes Cluster

  • Kubernetes Attack Surface and Threat Matrix
  • Common Kubernetes security issues
  • Differences in k8s installations (support for PSP vs no PSP)
  • Hands-on Exercises:
    • Kubernetes Reconnaissance Through Port Scanning
    • Hacking Kubernetes Using Kubernetes Dashboard
    • Reconnaissance Using kube-hunter
    • Crashing Kubernetes cluster
    • Exploiting Kubelet API
    • Exploiting Privileged Containers
    • Compromising Kubernetes Secrets
    • Supply Chain Attack Using Poisoned Image
    • Supply Chain Attack Using Malicious Helm Chart
    • Sniffing Kubernetes Network Traffic

Chapter 6: Kubernetes Authentication and Authorization

  • Fundamentals of Kubernetes Authentication and Authorization
  • Authentication mechanisms in Kubernetes
      • Authentication with Client Certificates
      • Authentication with Bearer Tokens
      • HTTP Basic Authentication
      • Remote Authentication
  • Authorization mechanisms in Kubernetes
      • Node Authorization
      • Attribute Based Access Control (ABAC)
      • Role-Based Access Control (RBAC)
  • Hands-on Exercises:
    • Creating Kubernetes Users Using Certificates
    • Kubernetes Authentication Using Keycloak
    • Find Misconfigured RBAC Using KubiScan
    • Static Analysis of the Access Control Using Krane

Chapter 7: Kubernetes Admission Controllers

  • Fundamentals of Admission Controllers
  • Static Admission Controllers
      • LimitRanger
      • DefaultStorageClass
      • AlwaysPullImages
  • Dynamic Admission Controllers
      • Introduction to Custom Admission Controllers
      • Working with Custom Admission WebHooks
      • Authenticating API Servers
      • Open Policy Agent (OPA) and Rego Policies
      • Using OPA with Kubernetes
      • OPA Gatekeeper
      • OPA Kube-mgmt vs OPA Gatekeeper
  • Pod Security Context
  • Pod Security Policies
  • Pod Security Admission
      • Pod Security Standards
      • Policy Modes
      • Applying Policies
  • Different Options to Write Custom Policies for K8s
  • Hands-on Exercises:
    • Enforcing Custom Resource Limits With LimitRanger
    • Enforcing Images Are Always Pulled With Authorization
    • Enforced Trusted Images Using OPA Gatekeeper

Chapter 8: Kubernetes Data Security

  • Kubernetes Data Storage mechanisms
      • Image Layers
      • Container Mounts and Volumes
      • Distributed Volumes in Kubernetes
      • Persistent Volumes on Cloud
      • Dynamically Provisioning Cloud Storage for Workloads
  • Managing secrets in traditional infrastructure
  • Managing secrets in containers at Scale
      • Exploring Secret Storage Options
      • Kubernetes Secrets Object
      • Encrypted Configurations
      • Managing Encryption Keys in External KMS
      • Encrypting Secret Objects in Version Control Systems
      • Mozilla SOPS for Secret OPerationS
      • Introducing Secrets Store CSI Drivers
      • Environment Variables and Volume Mounts
      • Injecting Secrets with Hashicorp Vault
  • Sanning for Secrets Exposure
  • Hands-On Exercises: 
    • Encrypting Kubernetes Secrets at Rest
    • Storing Secrets Securely Using HashiCorp Vault
    • Managing Secrets Using Sealed Secrets
    • Kubernetes Image Scanning Using Trivy

Chapter 9: Kubernetes Network Security

  • Introduction to Kubernetes Networking
      • Kubernetes Networking Architecture
      • Challenges with Kubernetes Networking
  • Network Policies in Kubernetes
      • Network Policy and Its Characteristics
      • Anatomy of a Network Policy
  • Fallacies of Distributed Computing
  • Service Mesh Architecture
      • Exploring Linkerd
      • Zero Trust with Consul Connect
      • Service Identities with Istio
  • Hands-on exercises:
    • Writing Network Policies in Kubernetes
    • Kubernetes Ingress Using NGINX Ingress
    • Implementing a Service Mesh and mTLS With Istio
    • Implementing a Service Mesh With Linkerd
    • Enforce Zero Trust Networking Using Consul Connect

Chapter 10: Defending Kubernetes Cluster

  • Compliance and Governance
      • Kubernetes Compliance with Kubebench
      • Kubernetes Compliance with Inspec
  • Threat Modeling for Kubernetes
  • Static Analysis of Kubernetes clusters
  • Building Secure Container Images
  • Dynamic and Runtime Security Analysis
  • Security Monitoring
  • Hands-on Exercises:
    • Principle of Least Privileges Using Role-Based Access Control
    • Kubernetes Static Analysis
    • Performing Static Analysis of Manifest Files in CI/CD Pipeline
    • Defining Kubernetes Resource Quotas
    • Kubernetes Compliance Using CIS Benchmarks
    • Securing Kubernetes Workloads Using gVisor
    • Security Monitoring of Kubernetes Cluster Using Wazuh
    • Kubernetes Threat Detection Using Falco
    • Threat Hunting With Kubernetes Audit Logs

Prerequisites

  • Course participants should have knowledge of running basic Linux commands like ls, cd, mkdir, etc.,
  • Basic knowledge in container technology and k8s helps but is needed.
  • Understanding of OWASP Top 10 vulnerabilities

Do you need advice or a tailor-made course?

onas

product support

+420 731 175 867

edu@edutrainings.cz

Certification

After completing the course, you can schedule the CCNSE exam on your preferred date.

ComGate payment gateway MasterCard Logo Visa logo