Before you can help DevOps teams solve security problems and improve their security programs, you need to understand how they think, how they work, and the tools that they use.
Part 2: Kubernetes admission controllers play a critical role in enhancing the security of a Kubernetes cluster. They act as gatekeepers, intercepting requests to the Kubernetes API server before requests are processed and stored by the cluster. Learn how admission control policies written in Common Expression Language (CEL) or Open Policy Agent (OPA) Rego can enforce crucial policies such as denying containers using non-approved base images and stopping containers with invalid image signatures.
Explore the rest of the Cloud Flight Simulator Series:
Part 1: GitLab CI, Workflows, and Secrets
www.sans.org/webcasts/cloud-f...
Part 3: Safeguarding the Software Supply Chain
www.sans.org/webcasts/cloud-f...
Part 4: Least Privileged Pods with Kubernetes Workloads
www.sans.org/webcasts/cloud-f...
Learn more about SANS SEC540: Cloud and DevSecOps Automation course at www.sans.org/cyber-security-c...
About the Speaker: Ben Allen
Ben Allen is co-author of SEC540: Cloud Security and DevSecOps Automation, and a senior member of the SANS information security team. He applies knowledge gained over a decade of information security experience to problem domains ranging from packet analysis to policy development on an ongoing basis. Ben has contributed to security best practices for DevSecOps and operationalized DevOps techniques for security teams leading to improvements in release time and stability. Ben holds numerous SANS certifications, and a bachelor's degree in Electrical Engineering. Learn more about Ben at www.sans.org/profiles/ben-allen/
SANS Cloud Security Curriculum: www.sans.org/cloud-security
GIAC Cloud Security Certifications: www.giac.org/focus-areas/clou...
LinkedIn: / sanscloudsec
Discord: www.sansurl.com/cloud-discord
Twitter: @SANSCloudSec