Docker 201 Security
Dirk Wetter at AppSec EU 2018
Docker containers offer several advantages for developers. Most notably they fit perfectly in software development processes, they enable fast, reproducible deployments and when properly done, with little change the same container can run either in a test or production environment.
Despite threatening information out there Docker offers per se also several security advantages. However it is important to make use of them and as a minimum avoid the several security ops pitfalls. In a worst case scenario this can lead otherwise to less security or the security benefits which the containment technology offers are not being used at all.
To avoid most common mistakes and to improve security beyond the default, the speaker will present Docker Top 10 security bullet points which covers important Do's and Dont's, for advanced needs how to tighten security further, how to check (partly) your Docker and Kubernetes security status yourself. The talk is based on practical experiences at several costumers and on the speaker's solid network and systems security expertise.
Despite threatening information out there Docker offers per se also several security advantages. However it is important to make use of them and as a minimum avoid the several security ops pitfalls. In a worst case scenario this can lead otherwise to less security or the security benefits which the containment technology offers are not being used at all.
To avoid most common mistakes and to improve security beyond the default, the speaker will present Docker Top 10 security bullet points which covers important Do's and Dont's, for advanced needs how to tighten security further, how to check (partly) your Docker and Kubernetes security status yourself. The talk is based on practical experiences at several costumers and on the speaker's solid network and systems security expertise.