Certified Container Security Expert (CCSE)

1. Course participants should have knowledge of running basic Linux commands like ls, cd, mkdir, etc.,

1. What is a container?
2. Basics of a container and its challenges
3. Container vs. Virtualization
   1. 1. Container Advantages
      2. Container Disadvantages
4. Container fundamentals
   1. 1. Namespaces
      2. Cgroup
      3. Capabilities
5. Docker architecture and its components
   1. 1. Docker CLI
      2. Docker Engine (Daemon, API)
      3. Docker Runtime (containerd, shim, runc)
6. Interacting with container ecosystem
   1. 1. Docker images and image layers
      2. Build Container images using Dockerfile
      3. Docker image repository
      4. Running a container
7. Managing / Orchestrating multiple containers
   1. 1. Using CLI/API to manage multiple containers
      2. Docker Compose
      3. Docker Swarm
      4. Kubernetes
8. Docker alternatives
   1. 1. Podman
      2. CRI-O
9. Hands-on Exercises:
   1. Working With Docker Command
   2. Docker Networking
   3. Manage Data in Docker
   4. Create Docker Image using Dockerfile
   5. Writing Dockerfile
   6. How To Use Container Registry
   7. Learn Docker Compose
   8. Working With Docker SDK
   9. Creating Container Snapshots

1. Overview of Container Security
2. Attack surface of the container ecosystem
3. Identifying the components and their security state
   1. 1. Get an inventory of containers
         1. Docker Images
         2. Dockerfile and Environment variables
         3. Docker volumes
         4. Docker Networking
         5. Ports used/Port forwarding
         6. Docker Registries
      2. Exhaustive review of Namespaces, cgroups and capabilities
4. Analysis of the attack surface
   1. 1. Using native tools
      2. Using third-party tools
5. Hands-on Exercises:
   1. Using Built-in Docker Tools for Reconnaissance
   2. Use Third-party Tools for Image Inspection
   3. Scanning the Remote Host for Unauthenticated Docker API Access
   4. Identify a Container and Extract Sensitive Information
   5. Create and Restore a Snapshot of the Container for Further Analysis

Note: Every topic/sub topic has an exercise in this module

1. Containers Attack Matrix
2. Image-based attacks
   1. 1. Malicious Images
      2. Extracting passwords, tokens, TLS certs, etc.
      3. Exploiting vulnerable components
3. Registry-based attacks
   1. 1. Insecure Docker registries
      2. Open Docker registries
      3. Lack of authorization (RBAC)
4. Container-based attacks
   1. 1. Manipulating the Privileged mode containers
      2. Attacking mounted docker volumes
      3. Abusing SetUID/SetGID binaries
      4. Exploiting shared namespaces
      5. Attacking Linux capabilities
5. Docker host (Daemon) / kernel attacks
   1. 1. Exploiting unauthenticated Docker API
      2. Insecure Docker endpoint
      3. Lack of network segregation
      4. Denial of service attacks
      5. Kernel exploits
6. Privilege escalation methods in Docker
   1. Security misconfigurations
      1. Attacking management tools (Portainer)
      2. Exploiting OWASP Top 10 issues in containerized apps
7. Hands-on Exercises:
   1. Backdooring Docker Image
   2. Inspecting Docker Daemon Activity
   3. Malicious Container Image
   4. Exploiting Containerized Apps
   5. Unsecured Docker Daemon
   6. Docker Exploitation using deepce
   7. Attacking Misconfigured Docker Registry

1. Container image security
   1. 1. Building secure container images
         1. Choosing base images
         2. Distroless images
         3. Scratch images
      2. Security Linting of Dockerfiles
      3. Static Analysis(SCA) of container images
      4. Scan for vulnerabilities in container
         1. Choosing the right container scanner tool for your needs
2. Docker Daemon security configurations
   1. 1. Docker user remapping
      2. Docker runtime security (gVisor, Kata)
      3. Docker socket configuration 
         1. fd
         2. TCP socket
         3. TLS authentication
      4. Dynamic Analysis of the container hosts and daemons
3. Docker host security configurations
   1. 1. Kernel Hardening using Seccomp and AppArmor
      2. Custom policy creation using Seccomp and AppArmor
4. Network Security in containers
   1. 1. Segregating networks
5. Misc Docker Security Configurations
   1. 1. Content Trust and Integrity checks
6. Docker Registry security configurations
   1. 1. Private vs. Public Registries
      2. Authentication and Authorization (RBAC)
      3. Built-in Image scanning capabilities
      4. Policy enforcement
      5. DevOps CI/CD Integration
7. Docker Tools, Techniques and Tactics
   1. 1. Tools
         1. Dive (Forensic)
         2. Dockle
      2. Techniques
      3. Tactics
8. Hands-on Exercises:
   1. Static Analysis using Hadolint
   2. Scanning Docker for Vulnerabilities With Trivy
   3. Embedding Trivy Scanning in GitLab CI
   4. Build a Secure, Miniature Image With Distroless To Minimize Attack Footprint
   5. Minimize Docker Security Misconfigurations With CIS Compliance
   6. Securing Container Images by Default Using Harbor
   7. Signing Container Images for Trust

1. Monitoring Docker events, logs
2. Incident response in containers
3. Docker runtime prevention
4. Policy creation, enforcement, and management
5. Docker security monitoring using Wazuh
6. Hands-on Exercises:
   1. Auditing Docker using AuditD
   2. Sysdig Falco – Runtime Protection and Monitoring
   3. Tracee – Runtime Security

1. After completing the course, you can schedule the CCSE exam on your preferred date.
2. Process of achieving Practical DevSecOps CCSE Certification can be found on the exam and certification page.