Explore the critical role of static analysis in identifying and preventing configuration vulnerabilities in containerized environments and Infrastructure as Code (IaC) setups. Learn how misconfigurations can lead to security risks such as exposed secrets, data leaks, unauthorized access, and DDoS attacks. Discover the importance of shifting left in the software development lifecycle to catch vulnerabilities early. Examine common pitfalls in Dockerfile configurations that can introduce security vulnerabilities and poor practices. Gain insights into Static Analysis and Software Composition Analysis techniques for securing code and dependencies. Follow a practical demonstration on setting up Static Analysis in your IDE to scan Dockerfiles, receive suggested fixes, and implement gating mechanisms to block critical issues. Presented by Borja Burgos, Director of Product Management at DataDog, this 38-minute conference talk from DockerCon 2023 equips developers and DevOps professionals with essential knowledge to enhance the security of their containerized applications and infrastructure.
Using Static Analysis to Catch Configuration Vulnerabilities
Overview
Syllabus
Using Static Analysis to Catch Configuration Vulnerabilities (DockerCon 2023)
Taught by
Docker
Related Courses
-
Application Analysis with SonarQube
-
Application Security for Developers
-
Application Security for Developers and DevOps Professionals
-
Static Code Analysis of Complex PHP Application Vulnerabilities
-
Vulnerabilities and Misconfigurations in Cloud-Native Security - Two Sides of the Same Risk Coin
-
Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
