Explore the vulnerabilities in container isolation and their potential for exploitation in this 25-minute Docker conference talk. Delve into the ways containers can influence or exploit each other, despite their intended purpose of application isolation. Learn about the underlying causes of these security issues and discover potential solutions. Join speakers Justin Cormack from Docker and Liz Rice from Aqua Security as they discuss topics including network sockets, ARP spoofing, and ping sockets. Gain insights into responsible disclosure practices, understand why certain capabilities are granted by default, and examine practical demonstrations of container security weaknesses.
Syllabus
Introduction
Responsible Disclosure
Overview
Capabilities
Network Socket
ARP spoofing
Demo
Utility Cord Catch
Why is it granted by default
Ping sockets
Solution
Taught by
Docker