Securing containers by Breaking In - Liran Tal - DevSecCon Tel Aviv 2019
0 likes132 views
The document outlines best practices for securing container images, emphasizing the importance of minimal base images, least privileged users, and enabling two-factor authentication (2FA). It highlights that a significant proportion of popular Docker containers contain known vulnerabilities and suggests using updated base images, image signing, and security linters. Additionally, it encourages adopting multi-stage builds and monitoring application dependencies to enhance container security.
Securing containers by Breaking In - Liran Tal - DevSecCon Tel Aviv 2019
- 1. Securing Containers by Breaking In @liran_tal Snyk DevSecCon Tel Aviv 2019
- 2. Node.js Security WG Liran Tal OWASP NodeGoat author of - Essential Node.js Security - O’Reilly’s Serverless Security Developer Advocate @liran_tal
- 3. @liran_tal 1 billion weekly d/l of container images
- 4. @liran_tal Best Practices for Docker Image Security
- 5. @liran_tal #1 Prefer Minimal Base Images
- 9. @liran_tal #2 Least Privileged User
- 10. @liran_tal
- 11. @liran_tal
- 13. @liran_tal how precious are your container images?
- 14. @liran_tal State of 2FA in the npm registry
- 15. @liran_tal 6.89% of all developers State of 2FA in the npm registry
- 16. @liran_tal 6% of all packages State of 2FA in the npm registry
- 17. @liran_tal State of 2FA in ecosystem
- 18. @liran_tal 0% of all users State of 2FA in ecosystem
- 19. @liran_tal State of 2FA in ecosystem
- 20. @liran_tal State of 2FA in ecosystem
- 21. @liran_tal State of 2FA in ecosystem
- 22. @liran_tal State of 2FA in ecosystem
- 23. @liran_tal State of 2FA in ecosystem
- 24. @liran_tal State of 2FA in ecosystem
- 25. @liran_tal #4 Sign and verify images
- 26. @liran_tal
- 27. @liran_tal
- 28. @liran_tal
- 29. @liran_tal #5 Find, Fix and Monitor Open Source Vulnerabilities in the OS
- 30. @liran_tal 76.6% of the top 1,000 Docker containers have severe known vulnerabilities
- 34. @liran_tal
- 35. @liran_tal
- 36. @liran_tal
- 37. @liran_tal 44% of docker image vulnerabilities can be fixed with newer base images
- 39. @liran_tal 20% of docker image vulnerabilities can be fixed just by rebuilding them
- 41. @liran_tal
- 42. @liran_tal What can possibly go wrong with vulnerabilities in my container?
- 43. @liran_tal
- 44. @liran_tal
- 45. @liran_tal
- 46. @liran_tal
- 47. @liran_tal What can possibly go wrong with vulnerabilities in my container?
- 48. @liran_tal
- 49. @liran_tal #6 Use a linter
- 50. @liran_tal
- 51. @liran_tal #7 application dependencies impact container security too
- 56. @liran_tal What can possibly go wrong with vulnerabilities in my app?
- 58. @liran_tal build image compile and setup your app prod image production artifacts
- 59. @liran_tal Attackers are targeting open source one vulnerability = many victims
- 60. @liran_tal Re-build images often Choose the right base image Scan docker images during devel’ Use a security linter for a Dockerfile Use multi-stage docker builds https://snyk.io/blog/10-docker-image-security-best-practices Enable 2FA and use trusted images
- 61. Be a Responsible Cool Kid Containers are Cool @liran_tal