Overview
Explore the security challenges and solutions for Docker containerized environments in this comprehensive conference talk from AppSecUSA 2016. Dive into the Docker ecosystem, comparing containerization to virtualization technology before delving deep into Docker security. Examine each component of the container pipeline, including images, container runtime, host security, daemon security, communication security, and registry security. Learn about vulnerabilities found in Docker Hub images, including critical issues like Heartbleed and Shellshock. Discover best practices for securing Docker images and containers, including efficient scanning techniques, Docker Content Trust, and golden rules for writing secure Dockerfiles. Challenge Docker's "secure by default" claim and understand potential exploits. Gain insights into the available tools for securing container ecosystems, along with their pros and cons, and learn effective strategies to protect your Docker environments.
Syllabus
Manideep Konakandla - Breaking and Fixing your ‘Docker’ ized environments - AppSecUSA 2016
Taught by
OWASP Foundation