Tuesday, October 24 • 07:00 - 07:45
Testing Docker Images Security


Docker is a great technology that allows developers to build and deploy the infrastructure of an application in one source code image, but security is one of the biggest challenges. In this talk, we present the best practices and lessons learned from security reviews of Docker image deployments.

While configuration management with Docker offers many advantages in terms of a single point of maintenance, security testing and the ability to perform security audits, Docker deployments are also an attractive target for attackers because they can be used to gain control of the full software stack. Sometimes additional work is needed to harden a Docker-based environment and make it more secure.

In this talk, we present the lessons learned from security reviews of Docker image deployments. First, we give an overview of a typical Docker deployment process. Second, we explain the attack surface of Docker images and the threats to them. Third, we present how to detect vulnerabilities in source images with code analysis techniques. We conclude with best practices explaining how to remediate these vulnerabilities.

These could be the main talking points:

1- Introduction to the Docker security ecosystem, examining the main parts of a Docker application.

2- Tools for auditing Docker images to detect vulnerabilities, such as docker-bench-security and lynis.

The goal of these tools is to detect potential vulnerabilities in Docker images and containers, and to monitor running Docker containers for anomalous activity.

3- Other tools for testing the security of a Docker container.

We can use tools such as Jenkins/TravisCI for automated testing, and Coveralls to ensure all lines of code inside the Docker image are tested.

4- Security best practices for deploying Docker containers in production.

Jose Manuel Ortega

My career has been focused from the beginning to specialize in application security. My strengths live on at the technical level by the type of training that I have received in recent years and the projects where I have worked. In recent years I'm interested in mobile application...

Tuesday October 24, 2017 07:00 - 07:45
Automated Security: Europe
