Explore the world of Docker in this 38-minute LASCON conference talk. Delve into the history of containers, compare them to virtual machines, and understand why Docker has become so popular in the tech industry. Learn about the potential benefits of Docker for DevOps practices and discover why security professionals should consider its implementation. Examine the current security concerns surrounding Docker, including the lack of identity management, and explore emerging solutions within the Docker ecosystem. Gain insights into Docker's first security feature, Notary, and understand its implications for content trust. Investigate Docker's role in infrastructure, its use as a hypervisor, and its relationship with traditional virtualization technologies. Analyze security tools, best practices, and the importance of continuous delivery in Docker environments. Discover how to approach Docker security from an infrastructure perspective, and learn valuable lessons for implementing Docker securely in your organization.
Overview
Syllabus
Intro
Stack Engine
Microservices
Container Infrastructure
Amazon
Lessons Learned
Security Tools
Content Trust
RTFM
Infrastructure perspective
Docker as a hypervisor
Docker in a hypervisor
Venom
Docker vs KVM
Code churn
Docker commits
Summary
Opportunity
Security is a bottleneck
Blackbox testing
Reinventing the wheel
Attack yourself
Continuous Delivery
Evolution Not Revolution
Control Access
Taught by
LASCON
