SlideShare a Scribd company logo

Container security

Download as PPT, PDF
Anthony Chow
Anthony Chow

Slide deck for Opensource 101 South Carolina April 17

Technology
1 of 32
What You Should Know About Container Security Opensource 101 SC April 17, 2018 Anthony Chow Intel Innovator Auth0 Ambassador Twitter: @vCloudernBeer Blog: http://cloudn1n3.blogspot.com/
 Small footprint  Self contained  Fast provisioning time  Docker: Build – Ship - Run  Useful tool for DevOps  Effective solution for Microservices
 Not easy with persistent storage  Less isolated than a Virtual Machine  Share the same OS Kernel  Networking solutions to provide isolation
 Escape  Cross-container attacks  Application vulnerabilities  Denial of Service attack on the host.
 Host based  Container based  3rd Party Security Offerings  Miscellaneous
 Namespace  Control group (cgroup)  Root capabilities  Linux Security Modules
 Not turned on by default in Docker  Docker daemon needs to be started with “– userns-remap=default”
 Fine grain control over ‘root’ privileges  /usr/include/linux/capability.h  sudo /sbin/capsh –print  https://linux.die.net/man/7/capabilities  docker run -ti --name ubuntu1 --cap-drop=net_raw ubuntu bash  RedHat uses SystemTap to find capabilities of a container (https://developers.redhat.com/blog/2017/02/16/find-what-capabilities-an-application-requires-to-successful-run-in-a-container/)  https://docs.docker.com/engine/security/seccomp/
 Discretionary Access Control  the owner of the object specifies which subjects can access the object  Mandatory Access Control  the system (and not the users) specifies which subjects can access specific data objects  Role Based Access Control  Access is based on permission associated with a role and user is assigned with different roles.  Rule Based Access Control  Access is allowed or denied to resource objects based on a set of rules defined by a system administrator
 https://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html  SELinux  3 modes: Enforcing, Permissive and disabled  http://www.projectatomic.io/docs/docker-and-selinux/  https://opensource.com/business/14/9/security-for-docker  Works with labels.  AppArmor  2 modes: Enforcement and Complain  https://docs.docker.com/engine/security/apparmor/  Works with file path.
 Digital Digest for container image integrity  Docker Content Trust  CoreOS – dm_verify  Registry Authentication  OAuth2  Keyclock  Container Scanning  IBM – Vulnerability Advisor  RedHat – Atomic host  CoreOS – Clair and Quary  Docker – Docker cloud and Docker Hub
 Aqua - https://www.aquasec.com/  Anchore - https://github.com/anchore/anchore  TwistLock - https://www.twistlock.com/  Tenable - http://www.tenable.com/  Blackduck -https://www.blackducksoftware.com/  StackRox - stackrox.com
 Open Container Initiative (OCI)  Hardware Assisted:  Intel Clear Container  SCONE - Secure Linux Containers on Intel SGX  LinuxKit  Docker 1.13 Secret Management  Docker Authentication with Keycloak  Linux Container Hardening
 Utilizes Intel VT-x  QEMU-light  DAX – Direct Access  KSM – Kernel Same-page Mapping
Image source: https://clearlinux.org/blogs/how-Intel-clear-containers-protects-against-root-kernel-exploits-dirty-cow
Image source: https://clearlinux.org/blogs/how-Intel-clear-containers-protects-against-root-kernel-exploits-dirty-cow
Image source: Youtube Intel channel
onboot: - name: dhcpcd image: linuxkit/dhcpcd:<hash> command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: wg image: linuxkit/ip:<hash> net: new binds: - /etc/wireguard:/etc/wireguard command: ["sh", "-c", "ip link set dev wg0 up; ip address add dev wg0 192.168.2.1 peer 192.168.2.2; wg setconf wg0 /etc/wireguard/wg0.conf; wg show wg0"] runtime: interfaces: - name: wg0 add: wireguard createInRoot: true bindNS: net: /run/netns/wg services: - name: nginx image: nginx:alpine net: /run/netns/wg capabilities: - CAP_NET_BIND_SERVICE - CAP_CHOWN - CAP_SETUID - CAP_SETGID - CAP_DAC_OVERRIDE Sample LinuxKit YAML File
 OAuth2 for authentication and authorization  Calico for security policy to protect east- west traffic
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: test-network-policy spec: podSelector: matchLabels: role: db ingress: - from: - podSelector: matchLabels: role: frontend ports: - protocol: tcp port: 6379
cat << EOF | calicoctl create -f - - apiVersion: v1 kind: policy metadata: name: frontend spec: order: 0 selector: role == 'frontend' egress: - action: allow protocol: tcp destination: selector: role == 'database' ports: - 3306
 Docker Security - SELinux  Security for Docker  CoreOS – runtime security  Docker - security  Redhat – Docker authentication
 Sysdig Kubernetes Security Guide  Aquasec Kubernetes Security Deep Dive
Thanks for coming and enjoy the rest of Opensource 101 SC, 2018

Recommended

CLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepCLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepAll Things Open
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerPhil Estes
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingPhil Estes
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
 
Hands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesHands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesYigal Elefant
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
 

Recommended

CLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepCLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepAll Things Open
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerPhil Estes
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingPhil Estes
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
 
Hands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesHands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesYigal Elefant
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Zach Hill
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container SecurityJim Barlow
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Docker and kernel security
Docker and kernel securityDocker and kernel security
Docker and kernel securitysmart_bit
 
Containerizing Web Application with Docker
Containerizing Web Application with DockerContainerizing Web Application with Docker
Containerizing Web Application with Dockermsyukor
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security ParadigmAnis LARGUEM
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101inside-BigData.com
 
Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Jose Manuel Ortega Candel
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Boden Russell
 
Docker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak PeekDocker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak Peekmsyukor
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityJérôme Petazzoni
 
Building Reusable Development Environments with Docker
Building Reusable Development Environments with DockerBuilding Reusable Development Environments with Docker
Building Reusable Development Environments with DockerRevelation Technologies
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)Maciej Lasyk
 
Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Gordon Haff
 
Docker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsDocker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsSharath Kumar
 
Docker Security in Production Overview
Docker Security in Production OverviewDocker Security in Production Overview
Docker Security in Production OverviewDelve Labs
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerRonak Kogta
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container SecurityPhil Estes
 
Docker en kernel security
Docker en kernel securityDocker en kernel security
Docker en kernel securitysmart_bit
 

More Related Content

What's hot

Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Zach Hill
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container SecurityJim Barlow
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Docker and kernel security
Docker and kernel securityDocker and kernel security
Docker and kernel securitysmart_bit
 
Containerizing Web Application with Docker
Containerizing Web Application with DockerContainerizing Web Application with Docker
Containerizing Web Application with Dockermsyukor
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security ParadigmAnis LARGUEM
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101inside-BigData.com
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Boden Russell
 
Docker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak PeekDocker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak Peekmsyukor
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityJérôme Petazzoni
 
Building Reusable Development Environments with Docker
Building Reusable Development Environments with DockerBuilding Reusable Development Environments with Docker
Building Reusable Development Environments with DockerRevelation Technologies
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)Maciej Lasyk
 
Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Gordon Haff
 
Docker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsDocker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsSharath Kumar
 
Docker Security in Production Overview
Docker Security in Production OverviewDocker Security in Production Overview
Docker Security in Production OverviewDelve Labs
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerRonak Kogta
 

What's hot (20)

Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolation
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container Security
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
 
Docker and kernel security
Docker and kernel securityDocker and kernel security
Docker and kernel security
 
Containerizing Web Application with Docker
Containerizing Web Application with DockerContainerizing Web Application with Docker
Containerizing Web Application with Docker
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security Paradigm
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
 
Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
 
Docker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak PeekDocker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak Peek
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
 
Building Reusable Development Environments with Docker
Building Reusable Development Environments with DockerBuilding Reusable Development Environments with Docker
Building Reusable Development Environments with Docker
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)
 
Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017
 
Docker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsDocker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps wins
 
Docker Security in Production Overview
Docker Security in Production OverviewDocker Security in Production Overview
Docker Security in Production Overview
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your container
 

Similar to Container security

Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container SecurityPhil Estes
 
Docker en kernel security
Docker en kernel securityDocker en kernel security
Docker en kernel securitysmart_bit
 
Secure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas FalkSecure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas FalkSBA Research
 
Docker orchestration voxxed days berlin 2016
Docker orchestration voxxed days berlin 2016Docker orchestration voxxed days berlin 2016
Docker orchestration voxxed days berlin 2016Grzegorz Duda
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization WSO2
 
Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Ricardo Amaro
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014Carlo Bonamico
 
Understanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsUnderstanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsAnthony Chow
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudSalman Baset
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationWSO2
 
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Manideep Konakandla
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Ricardo Amaro
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 applicationRoman Rodomansky
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
VMware@Night: Container & Virtualisierung
VMware@Night: Container & VirtualisierungVMware@Night: Container & Virtualisierung
VMware@Night: Container & VirtualisierungDigicomp Academy AG
 

Similar to Container security (20)

Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
 
Docker en kernel security
Docker en kernel securityDocker en kernel security
Docker en kernel security
 
Secure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas FalkSecure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas Falk
 
Docker orchestration voxxed days berlin 2016
Docker orchestration voxxed days berlin 2016Docker orchestration voxxed days berlin 2016
Docker orchestration voxxed days berlin 2016
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
 
Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014
 
Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016
 
Understanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsUnderstanding the container landscape and it associated projects
Understanding the container landscape and it associated projects
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualization
 
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
VMware@Night: Container & Virtualisierung
VMware@Night: Container & VirtualisierungVMware@Night: Container & Virtualisierung
VMware@Night: Container & Virtualisierung
 

More from Anthony Chow

Build your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationBuild your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationAnthony Chow
 
Understanding gRPC Authentication Methods
Understanding gRPC Authentication MethodsUnderstanding gRPC Authentication Methods
Understanding gRPC Authentication MethodsAnthony Chow
 
Api security with o auth2
Api security with o auth2Api security with o auth2
Api security with o auth2Anthony Chow
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
V brownbag sept-14-2016
V brownbag sept-14-2016V brownbag sept-14-2016
V brownbag sept-14-2016Anthony Chow
 
Getting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStackGetting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStackAnthony Chow
 
Introduction to go
Introduction to goIntroduction to go
Introduction to goAnthony Chow
 
Micro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservicesMicro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservicesAnthony Chow
 
An overview of OpenStack for the VMware community
An overview of OpenStack for the VMware communityAn overview of OpenStack for the VMware community
An overview of OpenStack for the VMware communityAnthony Chow
 
VXLAN in the contemporary data center
VXLAN in the contemporary data centerVXLAN in the contemporary data center
VXLAN in the contemporary data centerAnthony Chow
 
What a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStackWhat a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStackAnthony Chow
 

More from Anthony Chow (12)

Build your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationBuild your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your application
 
MQTT security
MQTT securityMQTT security
MQTT security
 
Understanding gRPC Authentication Methods
Understanding gRPC Authentication MethodsUnderstanding gRPC Authentication Methods
Understanding gRPC Authentication Methods
 
Api security with o auth2
Api security with o auth2Api security with o auth2
Api security with o auth2
 
Container security
Container securityContainer security
Container security
 
V brownbag sept-14-2016
V brownbag sept-14-2016V brownbag sept-14-2016
V brownbag sept-14-2016
 
Getting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStackGetting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStack
 
Introduction to go
Introduction to goIntroduction to go
Introduction to go
 
Micro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservicesMicro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservices
 
An overview of OpenStack for the VMware community
An overview of OpenStack for the VMware communityAn overview of OpenStack for the VMware community
An overview of OpenStack for the VMware community
 
VXLAN in the contemporary data center
VXLAN in the contemporary data centerVXLAN in the contemporary data center
VXLAN in the contemporary data center
 
What a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStackWhat a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStack
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Container security