Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

<< previous next >>

Keeping Containers Afloat

Nir Valtman & Jason Patterson

0 vote(s)

Containerized solutions are known for decades, but only recently they became part of the DevOps hype. Since the containers are minimalistic, there is a perception that they tend to be more secure than other virtualized solutions. However, by modifying common exploits on pre-container generation infrastructure, these attacks can be more disruptive on orchestrated containerized solutions. The key factors that affect the sturdiness of a system are the speed of DevOps CI/CD pipelines, the challenge for security teams to automate everything, and reusing old infrastructure concepts on software defined networks (SDN), such as container orchestrations.

This talk is going to shed light on the defensive mechanisms that need to be considered when deploying containerized solutions, and will demonstrate effective attacks against them.


Nir Valtman heads the application security of the software solutions for NCR Corporation. Before the acquisition of Retalix by NCR, Nir lead the security of the R&D in the company. As part of his previous positions, he was working in several application security, penetration testing and systems infrastructure security positions. Nir is a frequent speaker at leading conferences around the world, including Black Hat, Defcon, RSA, BSides, OWASP etc. Nir has a Bachelor of Science in Computer Science but his knowledge is mainly based on cowboy learning and information sharing with the techno-oriented communities, such as blogging and releasing open source tools (including AntiDef, Cloudefigo and SAPIA).


Jason Patterson is an Application Security Architect at NCR, where he works on digital banking solutions and shaping the future through securing omni-channel solutions. Jason has designed and implemented many of the security controls protecting online banking products used by over 700 financial institutions. Prior to working at NCR, Jason has held positions in application and infrastructure security at PwC, AIG and Apple. Jason has more than 15 years of experience working in the computer security space, and holds a Bachelor of Science in CIS from California State Polytechnic University, Pomona, in addition to CISSP and CSSLP certifications.