- This event has passed.
5GCroCo Lunchtime Webinar 4-2: Docker Security Part 2
17 May 2021 @ 12:00 - 14:00 CEST
Lunchtime Webinar Nr.4-2
Welcome to the second part of the 4th in a planned series of 5GCroco Lunchtime Webinars. These webinars will address different aspects of the technical work of the 5GCroco project in detail with some time for questions and discussions on the work presented.
Security Guideline for Docker
Container technologies have seen a rise in popularity in recent years. They provide a convenient way of packaging applications for deployment in production and offer lightweight alternatives to virtual machines (VMs). However, containers do not offer the same security benefits as VMs and – from a security perspective – many things can be done wrong when developing and running containerized workloads.
This web-seminar gives an overview of security threats and common vulnerability patterns related to designing, developing, and deploying docker containers. The focus are the most common docker vulnerability patterns, as seen “in the wild” from the experience of security assessments and based on security best practices. Insecure practices, potential misconfigurations and common pitfalls related to the building of docker images, containers at runtime, and the host environment are covered. For every issue, secure solutions, available protection mechanisms, as well as examples are provided.
The target audience of this web-seminar are developers with a basic understanding of docker who want and need to ensure they build and run containerized workloads in a secure manner. Only issues to docker and docker-compose are covered. More complex container orchestration tools, such as Kubernetes or OpenShift, are out of scope.
**Note** This web-seminar is split into two parts. This second part continues where the first part (presented on the 10th May) leaves off .
As preparation we suggest reading Section 4.5.3 of 5GCroCo Deliverable D3.2 on https://5gcroco.eu/images/templates/rsvario/images/5GCroCo_D3_2.pdf
Fabian Würfl works as Security Consultant at SEC Consult. His main areas of work are web application pen tests, network security assessments and Docker/Kubernetes/OpenShift security assessments. He regularly holds secure coding trainings for developers and works on internal software development projects.