SlideShare a Scribd company logo

Everything you need to know about containers security

Jose Manuel Ortega Candel
Jose Manuel Ortega Candel

Everything you need to know about containers security Linux Containers and Docker security solutions

Technology
1 of 57
Download to read offline
Everything you need to know about Containers Security Track Containers José Manuel Ortega
@jmortegac
Agenda ● Introduction to containers security ● Linux Containers(LXC) ● Docker Security ● Security pipeline && Container threats ● Tools for auditing container images
Virtualization vs containers
Virtualization vs containers
Security mechanims
Namespaces ● Provides an isolated view of the system where processes cannot see other processes in other containers ● Each container also gets its own network stack. ● A container doesn’t get privileged access to the sockets or interfaces of another container.
Cgroups && capabilities ● Cgroups: kernel feature that limits and isolates the resource usage (CPU, memory, network) of a collection of processes. ● Linux Capabilities: divides the privileges of root into distinct units and smaller groups of privileges
Linux Containers(LXC)
LXC ● Lightweight virtual machines ● VMs without the hypervisor ● Kernel namespaces ● Apparmor and SELinux profiles ● Seccomp policies ● Kernel capabilities and Control groups
LXC
LXC:limit resources
LXC:limit resources
Docker
Container pipeline
Docker images
Docker security ● Isolation via kernel namespaces ● Aditional layer of security Apparmor, SELinux, GRSEC ● Each container gets its own network stack ● Control groups for resources limiting ● Other interesting features….
Docker Content Trust ● We can verify the integrity of the image ● Checksum validation when pulling image from docker hub ● Pulling by digest to enforce consistent
Docker Capabilites ● A capability is a unix action a user can perform ● Goal is to restrict “capabilities” ● Privileged process = all the capabilities! ● Unprivileged process = check individual user capabilities ● Example Capabilities: ○ CAP_CHOWN ○ CAP_NET_RAW
Containers security is about limiting and controlling the attack surface on the kernel.
Least privilege principle ● Do not run processes in a container as root to avoid root access from attackers. ● Enable User-namespace ● Run filesystems as read-only so that attackers can not overwrite data or save malicious scripts to file. ● Cut down the kernel calls that a container can make to reduce the potential attack surface.
Read only containers & volumes
Seccomp ● Restricts system calls based on a policy ● Block/limit things like: ○ Kernel manipulation (init_module, finit_module, delete_module) ○ Executing mount options ○ Change permissions ○ Change owner and groups
Docker bench security ● Auditing docker environment and containers ● Open-source tool for running automated tests ● Inspired by the CIS Docker 1.11 benchmark ● Runs against containers currently running on same host ● Checks for AppArmor, read-only volumes, etc... https://github.com/docker/docker-bench-securit y
Docker bench security ● The host configuration ● The Docker daemon configuration ● The Docker daemon configuration files ● Container images and build files ● Container runtime ● Docker security operations
Lynis ● https://github.com/CISOfy/lynis-docker ● Lynis is a Linux, Mac and Unix security auditing and system hardening tool that includes a module to audit Dockerfiles. ● lynis audit system ● lynis audit dockerfile <file>
Security Pipeline
CI/CD
CI/CD
Container threats
● Kernel Exploits(Dirty Cow exploit) ● Vulnerabilities like the glibc buffer overflow ● SQL injection attacks ● MongoDB and ElasticSearch ransomware attacks
● Don’t run containers as root ● Drop all capabilities and enable only needed ● Enable user namespaces ● Use seccomp for limit syscalls for avoid kernel exploits ● Keep the host kernel updated with last patches ● Mount volumes with read only Remember
Audit Container Images
● You can scan your images for known vulnerabilities ● Find known vulnerable binaries ○ Docker Security Scanning ○ Anchore Cloud ○ Dagda ○ Tenable.io Container Security
Docker security scanning
Docker security scanning
Anchore
Anchore
Anchore
Dagda
Tenable.io container security
References ● https://docs.docker.com/engine/security ● http://www.oreilly.com/webops-perf/free/files/docker-securi ty.pdf ● http://container-solutions.com/content/uploads/2015/06/15.0 6.15_DockerCheatSheet_A2.pdf ● Docker Content Trust https://docs.docker.com/engine/security/trust/content_trust ● Docker Security Scanning ● https://docs.docker.com/docker-cloud/builds/image-scan ● https://blog.docker.com/2016/04/docker-security ● http://softwaretester.info/docker-audit
Thanks! Contact: @jmortegac jmortega.github.io about.me/jmortegac

Recommended

Testing Docker Images Security -NcN edition
Testing Docker Images Security -NcN editionTesting Docker Images Security -NcN edition
Testing Docker Images Security -NcN editionJose Manuel Ortega Candel
 
Testing Docker Images Security
Testing Docker Images SecurityTesting Docker Images Security
Testing Docker Images SecurityJose Manuel Ortega Candel
 
Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Jose Manuel Ortega Candel
 
Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Jose Manuel Ortega Candel
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization WSO2
 

Recommended

Testing Docker Images Security -NcN edition
Testing Docker Images Security -NcN editionTesting Docker Images Security -NcN edition
Testing Docker Images Security -NcN editionJose Manuel Ortega Candel
 
Testing Docker Images Security
Testing Docker Images SecurityTesting Docker Images Security
Testing Docker Images SecurityJose Manuel Ortega Candel
 
Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Jose Manuel Ortega Candel
 
Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Jose Manuel Ortega Candel
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization WSO2
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Boden Russell
 
What you most likely did not know about sudo…
What you most likely did not know about sudo…What you most likely did not know about sudo…
What you most likely did not know about sudo…All Things Open
 
Secure and Simple Sandboxing in SELinux
Secure and Simple Sandboxing in SELinuxSecure and Simple Sandboxing in SELinux
Secure and Simple Sandboxing in SELinuxJames Morris
 
Docker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsDocker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsSharath Kumar
 
MR201404 building secure linux application with privilege separation
MR201404 building secure linux application with privilege separationMR201404 building secure linux application with privilege separation
MR201404 building secure linux application with privilege separationFFRI, Inc.
 
Linux Distribution Automated Testing
Linux Distribution Automated Testing Linux Distribution Automated Testing
Linux Distribution Automated TestingAleksander Baranowski
 
CLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepCLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepAll Things Open
 
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Manideep Konakandla
 
Docker Dojo
Docker DojoDocker Dojo
Docker DojoHugo González Labrador
 
PIC your malware
PIC your malwarePIC your malware
PIC your malwareCODE WHITE GmbH
 
Linuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best PracticesLinuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best Practiceschristophm
 
Advanced Blockchain Technologies on Privacy and Scalability
Advanced Blockchain Technologies on Privacy and ScalabilityAdvanced Blockchain Technologies on Privacy and Scalability
Advanced Blockchain Technologies on Privacy and ScalabilityAll Things Open
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Is Docker Secure?
Is Docker Secure?Is Docker Secure?
Is Docker Secure?Manideep Konakandla
 
BSides SF talk on Docker Images Security - Feb 13, 2017
BSides SF talk on Docker Images Security - Feb 13, 2017BSides SF talk on Docker Images Security - Feb 13, 2017
BSides SF talk on Docker Images Security - Feb 13, 2017Manideep Konakandla
 
Attacking and Auditing Containers - Nishith Khadadiya
Attacking and Auditing Containers - Nishith KhadadiyaAttacking and Auditing Containers - Nishith Khadadiya
Attacking and Auditing Containers - Nishith KhadadiyaNSConclave
 
Common Docker Problems and Solutions
Common Docker Problems and SolutionsCommon Docker Problems and Solutions
Common Docker Problems and SolutionsJoel Chen
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Introduction To Linux Kernel Modules
Introduction To Linux Kernel ModulesIntroduction To Linux Kernel Modules
Introduction To Linux Kernel Modulesdibyajyotig
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
Exploring Docker Security
Exploring Docker SecurityExploring Docker Security
Exploring Docker SecurityPatrick Kleindienst
 

More Related Content

What's hot

Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Boden Russell
 
What you most likely did not know about sudo…
What you most likely did not know about sudo…What you most likely did not know about sudo…
What you most likely did not know about sudo…All Things Open
 
Secure and Simple Sandboxing in SELinux
Secure and Simple Sandboxing in SELinuxSecure and Simple Sandboxing in SELinux
Secure and Simple Sandboxing in SELinuxJames Morris
 
Docker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsDocker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsSharath Kumar
 
MR201404 building secure linux application with privilege separation
MR201404 building secure linux application with privilege separationMR201404 building secure linux application with privilege separation
MR201404 building secure linux application with privilege separationFFRI, Inc.
 
Linux Distribution Automated Testing
Linux Distribution Automated Testing Linux Distribution Automated Testing
Linux Distribution Automated TestingAleksander Baranowski
 
CLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepCLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepAll Things Open
 
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Manideep Konakandla
 
Linuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best PracticesLinuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best Practiceschristophm
 
Advanced Blockchain Technologies on Privacy and Scalability
Advanced Blockchain Technologies on Privacy and ScalabilityAdvanced Blockchain Technologies on Privacy and Scalability
Advanced Blockchain Technologies on Privacy and ScalabilityAll Things Open
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
BSides SF talk on Docker Images Security - Feb 13, 2017
BSides SF talk on Docker Images Security - Feb 13, 2017BSides SF talk on Docker Images Security - Feb 13, 2017
BSides SF talk on Docker Images Security - Feb 13, 2017Manideep Konakandla
 
Attacking and Auditing Containers - Nishith Khadadiya
Attacking and Auditing Containers - Nishith KhadadiyaAttacking and Auditing Containers - Nishith Khadadiya
Attacking and Auditing Containers - Nishith KhadadiyaNSConclave
 
Common Docker Problems and Solutions
Common Docker Problems and SolutionsCommon Docker Problems and Solutions
Common Docker Problems and SolutionsJoel Chen
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Introduction To Linux Kernel Modules
Introduction To Linux Kernel ModulesIntroduction To Linux Kernel Modules
Introduction To Linux Kernel Modulesdibyajyotig
 

What's hot (20)

Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
 
What you most likely did not know about sudo…
What you most likely did not know about sudo…What you most likely did not know about sudo…
What you most likely did not know about sudo…
 
Secure and Simple Sandboxing in SELinux
Secure and Simple Sandboxing in SELinuxSecure and Simple Sandboxing in SELinux
Secure and Simple Sandboxing in SELinux
 
Docker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps winsDocker Security and Orchestration for DevSecOps wins
Docker Security and Orchestration for DevSecOps wins
 
MR201404 building secure linux application with privilege separation
MR201404 building secure linux application with privilege separationMR201404 building secure linux application with privilege separation
MR201404 building secure linux application with privilege separation
 
Linux Distribution Automated Testing
Linux Distribution Automated Testing Linux Distribution Automated Testing
Linux Distribution Automated Testing
 
CLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepCLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grep
 
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016
 
Docker Dojo
Docker DojoDocker Dojo
Docker Dojo
 
PIC your malware
PIC your malwarePIC your malware
PIC your malware
 
Linuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best PracticesLinuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best Practices
 
Advanced Blockchain Technologies on Privacy and Scalability
Advanced Blockchain Technologies on Privacy and ScalabilityAdvanced Blockchain Technologies on Privacy and Scalability
Advanced Blockchain Technologies on Privacy and Scalability
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
 
Is Docker Secure?
Is Docker Secure?Is Docker Secure?
Is Docker Secure?
 
BSides SF talk on Docker Images Security - Feb 13, 2017
BSides SF talk on Docker Images Security - Feb 13, 2017BSides SF talk on Docker Images Security - Feb 13, 2017
BSides SF talk on Docker Images Security - Feb 13, 2017
 
Attacking and Auditing Containers - Nishith Khadadiya
Attacking and Auditing Containers - Nishith KhadadiyaAttacking and Auditing Containers - Nishith Khadadiya
Attacking and Auditing Containers - Nishith Khadadiya
 
Common Docker Problems and Solutions
Common Docker Problems and SolutionsCommon Docker Problems and Solutions
Common Docker Problems and Solutions
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
 
Introduction To Linux Kernel Modules
Introduction To Linux Kernel ModulesIntroduction To Linux Kernel Modules
Introduction To Linux Kernel Modules
 

Similar to Everything you need to know about containers security

Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesAkihiro Suda
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container SecurityPhil Estes
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker FundamentalsAnshul Patel
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationWSO2
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudSalman Baset
 
Container Security
Container SecurityContainer Security
Container SecuritySalman Baset
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerRonak Kogta
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in Dockerdocker-athens
 
Best Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerBest Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerEric Smalling
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A PrimerPhil Estes
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container PlatformAll Things Open
 

Similar to Everything you need to know about containers security (20)

Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
Exploring Docker Security
Exploring Docker SecurityExploring Docker Security
Exploring Docker Security
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker Fundamentals
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualization
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
 
Container Security
Container SecurityContainer Security
Container Security
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your container
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in Docker
 
Docker up and running
Docker up and runningDocker up and running
Docker up and running
 
Best Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerBest Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with Docker
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container Platform
 

More from Jose Manuel Ortega Candel

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfJose Manuel Ortega Candel
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfJose Manuel Ortega Candel
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfJose Manuel Ortega Candel
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfJose Manuel Ortega Candel
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudJose Manuel Ortega Candel
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Jose Manuel Ortega Candel
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Jose Manuel Ortega Candel
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Jose Manuel Ortega Candel
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanJose Manuel Ortega Candel
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamJose Manuel Ortega Candel
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsJose Manuel Ortega Candel
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorJose Manuel Ortega Candel
 

More from Jose Manuel Ortega Candel (20)

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdf
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdf
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdf
 
Computación distribuida usando Python
Computación distribuida usando PythonComputación distribuida usando Python
Computación distribuida usando Python
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloud
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8s
 
Implementing cert-manager in K8s
Implementing cert-manager in K8sImplementing cert-manager in K8s
Implementing cert-manager in K8s
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
 
Python para equipos de ciberseguridad
Python para equipos de ciberseguridad Python para equipos de ciberseguridad
Python para equipos de ciberseguridad
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue Team
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source tools
 
Python Memory Management 101(Europython)
Python Memory Management 101(Europython)Python Memory Management 101(Europython)
Python Memory Management 101(Europython)
 
SecDevOps containers
SecDevOps containersSecDevOps containers
SecDevOps containers
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collector
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Everything you need to know about containers security