defdeveu courses
Search…
README
secdev courses
Java
JavaScript
Android
iOS
.NET
C/C++
Webapps in general
Testing courses
Mobile testing automation
Security test automation in CI/CD pipelines
Burp for developers
DevSecOps courses
Docker security
AWS security
Control courses
Security champions boot
Assisted code-review lab
Practical personal cybersec for security auditors
S-SDLC playbook
Library
Mobile security baseline
Hacking applications
Language specific
Delivery
Main features
Agenda structure
Days and kits
Trainer formations
Course materials
Trainers
Glenn ten Cate
Zsombor Kovács
Davide Cioccia
Péter Nyilasy
Marek Zachara
Riccardo ten Cate
Timur Khrotko
Powered By GitBook
Docker security

About the workshop

The Docker security workshop is a great course to get some more insights and hands-on experience with Docker security. The topics in this course are the absolute fundamentals of what you should know to work with Docker responsibly. It goes from building minimalistic images to real live exploitation and mitigation of containerized solutions. The strictly Docker related part takes only half day.
In the one-day long (extended) version of the course we will not only learn Docker security, but also get means to continuously scan for vulnerabilities in for both appsec and infrastructure. Armed with this knowledge we can get a great understanding of the progression of the security maturity of your company. However, knowledge is useless if we have no effective way to handle it. Because of this the 'Security test automation' part of the course also introduces means of setting up a vulnerability management process.

Properties

title: Docker security
duration: normal: 0.5 day (3hrs education time); extended: 1 day
developed by: Riccardo ten Cate

Agenda

Docker security

Docker security fundamentals

  • This topic will talk about the Docker security fundamentals such as using minimalistic images, principle of least privilege etc.

Docker vulnerability scanning

  • How do we scan our docker images for security continuously even before we deploy them to production? What are the best practices for vulnerability scanning on Docker images.

Docker scratch images

  • Using minimalistic images is a nice way to get starting. However, for very critical infrastructure
    we may want to build our own images from scratch.

Using a keyvault to protect your secrets

  • By deploying applications through Docker it becomes more important than ever to handle your secrets correctly. Are all your secrets in one place? are they not checked in into version control? Are they laying around in your CI tools?

Docker hacking

  • Let's play this hands-on CTF game where we effectively need to break out of a Docker container and take over the host machine.

Security test automation *

Learning Vault

  • When using Docker it is essential to prevent key-sprawl. Secrets and API keys are often overlooked and leave an enormous attack surface that can be abused. How does Vault work, and how does it help secure your delivery pipeline.

Security test automation

  • How to create a scalable and CI platform agnostic approach for integrating security test automation into your organizations CI/CD pipelines.

Vulnerability management system

  • When scanning your containers and infrastructure continuously for vulnerabilities it is essential to have a process and a vulnerability management system in place to handle all the metrics that are generated by your favorite tooling.
* -- available in the extended course version

Trainers

Testing courses - Previous
Burp for developers
Next - DevSecOps courses
AWS security
Last modified 3yr ago
Copy link
Contents
About the workshop
Properties
Related courses
Agenda
Docker security
Security test automation *
Trainers