In-person + Virtual
18-21 April

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Friday, April 21 • 11:00 - 11:35
Prevent Embarrassing Cluster Takeovers with This One Simple Trick! - Daniele de Araujo dos Santos & Shane Lawrence, Shopify



Most cyber attacks and data breaches are caused by misconfigured settings, insecure defaults, and overly permissive controls. To avoid business impact, financial penalties, and embarrassment, we need to identify common mistakes and implement measures to prevent them without adding undue friction for developers. In this talk, Dani and Shane will demonstrate simple ways that malicious actors can exploit common misconfigurations in workloads to gain unauthorized access without relying on sophisticated attacks or 0-day vulnerabilities. They'll show how to avoid these risks using Kubeaudit, an open source scanner developed by their team at Shopify that provides a user-friendly way to detect and automatically mitigate configuration risks. They'll also discuss some of the challenges they've faced securing 1,000,000 running pods along with configuration files in a GitHub org with 15,000 repos. Attendees will learn a number of mistakes that could put their clusters at risk. They'll see how to detect and resolve these issues, without needing expert knowledge, while keeping developers happy.

Speakers

Shane Lawrence

Staff Infrastructure Security Engineer, Shopify
Shane is a Staff Infrastructure Security Engineer at Shopify, where he's working on a multi-tenant platform that allows developers to securely build scalable apps and services for crafters, entrepreneurs, and businesses of all sizes.

Daniele Santos

Senior Infrastructure Security Engineer, Shopify
Dani Santos (she/her) is a Sr. Infrastructure Security Engineer, lately focusing on just-in-time access to sensitive cloud resources as well as running SAST and DAST scans to prevent security threats at Shopify.



Friday April 21, 2023 11:00 - 11:35 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity