Understanding the MITRE ATT&CK Container Framework - as a Developer

  • Webcast Aired Wednesday, 09 Jun 2021 3:30PM EDT (09 Jun 2021 19:30 UTC)
  • Speakers: Matt Bromiley, John Kinsella

Recently, MITRE released a new ATT&CK framework this time, for containerized environments. With the container ecosystem being geared towards developers and devsecops, this introduces the ATT&CK framework to an audience outside of the traditional security operations team.

In this webinar, John Kinsella, Chief Architect at Accurics, walks through a brief introduction of ATT&CK for developers, and then turns to discuss how a development team can think about how the framework relates to their application, and how to use it to help inform a threat model. In this talk, John will be focusing less on slides, but using live demos where possible to illustrate points. Where possible, demo environments will be built through IAC tools like kustomize and helm, and some time will be spent talking about security best practices for using those tools, as well.

Attendees will learn to:

· Understand how attackers are targeting containerized applications in the real world

· Use ATT&CK as a base framework for threat modeling their applications

· Become familiar with best practices for IAC

*Please note, there are no slides available for this webcast.