Insecure containers?
2017-10-22, 13:00–13:40 (UTC), Event Loft

Open Source Software underpins the internet and many enterprises, but has repeatedly proven itself vulnerable to accident and tampering. As we fight to continuously secure millions of servers from attack, have we found a crucial panacea in containers?

This talk examines the anatomy of major vulnerabilities, demonstrates their applicability to containerised applications, and explores container-native security tooling throughout the pipeline.

It covers recent major CVEs, container security models and extensions (cgroups, namespaces, rlimits, capabilities, seccomp, AppArmor), their implementation in Docker and Kubernetes (flags, configuration best practices, entitlements), live demos of container breakout and hardening, and container-native security tooling (static/dynamic analysis, secret leakage prevention, IDS).