Docker containers are the most popular containerisation technology. Used properly, they can raise the level of security compared with running an application directly on the host. On the other hand, some misconfigurations can lower the level of security or even introduce new vulnerabilities.
5. What is Kubernetes?
K8s is an open-source system for automating deployment, scaling, and management of containerized applications.
Cloud Native Security
20. OWASP Best Practices
RULE #0 - Keep Host and Docker up to date
RULE #1 - Do not expose the Docker daemon socket
RULE #2 - Set a user
RULE #3 - Limit capabilities (grant only the specific capabilities needed by a container)
RULE #4 - Add the --no-new-privileges flag
21. OWASP Best Practices (continued)
RULE #5 - Disable inter-container communication (--icc=false)
RULE #6 - Use a Linux Security Module (seccomp, AppArmor, or SELinux)
RULE #7 - Limit resources (memory, CPU, file descriptors, processes, restarts)
RULE #8 - Set filesystem and volumes to read-only
RULE #9 - Use static analysis tools
RULE #10 - Set the logging level to at least INFO
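As an added example (not from the slides or from OWASP), the shell function below audits a `docker run` command line against the per-container rules above (#1, #2, #3, #4, #7, #8) and is run against two constructed invocations: a typical weak one and its hardened form. RULE #5 (`--icc=false`) is a daemon flag and RULE #10 applies to the daemon as well, so they are not checked here; the image name and UID are illustrative.

```shell
#!/bin/sh
# check_docker_run "<docker run command line>"
# Prints one line per missing control; the return status is the number of findings (0 = clean).
check_docker_run() {
    cmd="$1"
    findings=0
    # RULE #1: the daemon socket must never be mounted into a container (root on the host).
    case "$cmd" in *docker.sock*) echo "RULE #1: Docker daemon socket is mounted"; findings=$((findings+1));; esac
    # --privileged disables capability and LSM restrictions entirely, defeating RULE #3 and #6.
    case "$cmd" in *--privileged*) echo "RULE #3: --privileged grants all capabilities"; findings=$((findings+1));; esac
    # RULE #2: run as a non-root user.
    case "$cmd" in *--user*|*" -u "*) ;; *) echo "RULE #2: no --user set"; findings=$((findings+1));; esac
    # RULE #3: drop every capability, then add back only what the workload needs.
    case "$cmd" in *--cap-drop*) ;; *) echo "RULE #3: no --cap-drop"; findings=$((findings+1));; esac
    # RULE #4: block privilege escalation via setuid binaries and file capabilities.
    case "$cmd" in *no-new-privileges*) ;; *) echo "RULE #4: --security-opt=no-new-privileges missing"; findings=$((findings+1));; esac
    # RULE #7: bound memory and process count so one container cannot exhaust the host.
    case "$cmd" in *--memory*|*" -m "*) ;; *) echo "RULE #7: no --memory limit"; findings=$((findings+1));; esac
    case "$cmd" in *--pids-limit*) ;; *) echo "RULE #7: no --pids-limit"; findings=$((findings+1));; esac
    # RULE #8: immutable root filesystem; writable scratch space goes on a tmpfs.
    case "$cmd" in *--read-only*) ;; *) echo "RULE #8: filesystem not --read-only"; findings=$((findings+1));; esac
    return "$findings"
}

# Constructed examples: a weak invocation and its hardened counterpart.
WEAK_RUN='docker run -d -v /var/run/docker.sock:/var/run/docker.sock --privileged nginx'
HARDENED_RUN='docker run -d --user 65534:65534
  --cap-drop=ALL --cap-add=NET_BIND_SERVICE
  --security-opt=no-new-privileges --security-opt=apparmor=docker-default
  --read-only --tmpfs /tmp
  --memory=256m --pids-limit=100 --restart=on-failure:5
  nginx'

# Stand-alone usage: audit both and report the finding counts.
check_docker_run "$WEAK_RUN"; echo "weak: $? finding(s)"
check_docker_run "$HARDENED_RUN"; echo "hardened: $? finding(s)"
```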