Container & Microservice Security

Duration: 2 days


Our workshop “Container and Microservice Security” will teach you how to secure a modern, microservice-based system. The course focuses on Docker but includes generally applicable patterns for securing production container systems. We will go into advanced topics, including managing secrets (such as database passwords or API keys), authenticating users and services, and automatically checking for vulnerable images.

The workshop is hands-on: you will be provided with a functional, but insecure, system which you will harden over the course of the two days.

Docker containers offer simpler, faster, and more robust methods for developing, distributing, and running software. They can also increase security by isolating processes and reducing the attack surface of services. But containers can also introduce new security risks, especially if their usage replaces more heavyweight virtualisation techniques. These risks can be mitigated by hardening the host itself, and by minimising the attack surface of the running containers.

The lightweight and fast nature of containers makes them the perfect foundation for microservice deployments, which are composed of many small elements that must react quickly in response to changes in the environment. However, microservice architectures come with their own set of security challenges, including:

  • segregation of services with different security needs,
  • distribution of secrets such as API keys and database passwords,
  • request authentication and authorisation,
  • establishing the provenance of container images,
  • vulnerability management of containers, and
  • limiting attack vectors on the now large number of endpoints.

Agenda

  • Day 1 focuses on the technical foundations of containers and their relationship to security. We will specifically look at Docker and its security characteristics. At the end of day 1, each participant will have hardened a Docker host and its running images.
  • Day 2 introduces a complete microservice setup with common weaknesses in its design and implementation. It will feature all the components usually found in real life, starting from a Continuous Delivery pipeline that builds Docker images, to a service discovery mechanism. Participants will work together to add security via structural changes to the architecture and specific changes to individual components and the services themselves.


Terms and conditions

Courses include training materials, lunch and refreshments during the course.
Public courses require that at least six people attend. We reserve the right to cancel or postpone courses if we do not get the minimum number of people. We will not refund cancellations within five working days of the course but will allow people to give their place to a friend or colleague. We reserve the right to replace the trainers due to illness or unforeseen circumstances.