Security is a key concern for application developers and operations teams, as well as security professionals. What do I need to do in the face of new threats like Meltdown and Spectre? What happens when the next big issue comes along? What should my priorities be? How do containers help? In this talk we’ll demonstrate some common attacks live, and show how you can effectively defend your container deployment against them, using a combination of best practices, configuration, and tools.
Practical Steps For Securing Containers - Liz Rice
Copyright © 2018 Aqua Security Software Ltd. All Rights Reserved.
@lizrice | @aquasecteam
Liz Rice (with credits to Justin Cormack at Docker)
Practical steps for securing containers
GDPR compliance
“(83) In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption. Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. In assessing data security risk, consideration should be given to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage.”
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT
PCI compliance
6.1 Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Deploy critical patches within a month of release.
6.2 Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities. Risk rankings should be based on industry best practices and guidelines. Ranking vulnerabilities is a best practice that will become a requirement on July 1, 2012.
Payment Card Industry Data Security Standard version 2.0
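MicroScanner
Dockerfile.wp:
FROM wordpress:demo
# Add the MicroScanner binary to the image and make it executable
COPY microscanner /microscanner
RUN chmod +x /microscanner
# Scanner token, supplied at build time with --build-arg. Build-arg values used
# by RUN show up in `docker history`, so anyone who can pull the image can read it.
ARG token
# Scan the image contents during the build and save the HTML report
RUN /microscanner --html ${token} > /ms-out.html

Build command:
docker build -f Dockerfile.wp --build-arg=token="$TOKEN" .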