Given the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure the security of their containerized infrastructure including the recently released Top Ten for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/). This OSS project is a community-curated list of the most common Kubernetes risks backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, examples for each of the risks in the list, and how you can get involved.
Jimmy Mesta is the Co-Founder and CTO at KSOC (Kubernetes Security Operations Center). Prior to founding KSOC, Jimmy held senior leadership positions at a number of enterprises including Signal Sciences (acquired by Fastly) where he led a team of researchers and engineers. He has over a decade of experience building large-scale cloud security programs, delivering technical security training, publishing research, and securing some of the largest containerized environments in the world. Jimmy is a well-versed public speaker and has presented at global conferences including KubeCon, LocoMocoSec, RSA, NDC, CactusCon, and AppSec USA.