Explore a comprehensive conference talk detailing one security professional's journey in learning Docker security. Gain valuable insights into securing container environments, understanding different security models, and protecting against container-based attacks. Discover the challenges and lessons learned from migrating a legacy web application to a Docker platform. Learn how to build secure container architectures, threat model modern microservices applications, and implement effective DevOps security processes. Examine detailed incident response examples from an actual attack, and acquire practical tips for securing your Software Development Life Cycle. Delve into topics such as network security, managing secrets, Jenkins security, container scanning, and kernel module protection. Walk away with actionable Docker defensive recommendations to enhance your container security posture.
How I Learned Docker Security the Hard Way - So You Don’t Have To
Overview
Syllabus
RSAConference 2019 San Francisco March 4-8 Moscone Center
Why Docker? (2) "Containers are immutable."
Why Not Docker? (2)
The Beginning
Enter Docker
The Docker Journey - From Hate to Love
At This Stage Consider A Mindset Change
PPWorks - Initial Architecture
Two Things Pushed Us To The Cloud
Ubuntu Upgrades
The One Spinning Drive In The Building
Then I Read The Phoenix Project...
Big Takeaways
Network Security
Managing Secrets
The Security Incident... (2)
Jenkins Uses The Docker API
Scan Your Containers
Kernel Module Protection
Docker Defensive Recommendations Recap
Taught by
RSA Conference
