Why Should Developers Care about Container Security? - Eric Smalling

Developers, learn why container security is crucial for your applications, and discover best practices for integrating security into your development workflow, from understanding infrastructure to automating testing and scanning.

Key takeaways
  • Containers provide a new attack surface, expanding the scope of responsibility for developers.
  • Container security requires understanding of the infrastructure, networks, and application levels.
  • Developers need to consider security during all stages of the development process, not just at the end.
  • Multistage builds can help manage security by using different base images or versions for different environments or templates.
  • Image layers provide a way to track and manage changes in an image.
  • Regular scanning and auditing are essential for detecting vulnerabilities and ensuring security.
  • Context is important when interpreting security scan results, as some findings may not be relevant or exploitable.
  • Debugging container configurations and vulnerabilities requires a deep understanding of the underlying systems and technologies.
  • Docker provides features like --privileged mode and security context to help manage container security.
  • Effective security practices include using secure base images, not overwriting existing configurations, and testing and verifying security settings.
  • Automating security testing and scanning can help ensure security is integrated into development processes.
  • Container development should involve security principles and practices from the very beginning, and not be an afterthought.
  • Understanding how layers work in an image and being able to troubleshoot and debug issues is key to container security.
  • Pinning to specific versions of dependencies and libraries can help manage updates and prevent security issues.
  • Developers should be aware of the importance of security in container development and take steps to integrate security into their workflows.
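The following Dockerfile is an added example illustrating several of the takeaways above (multistage builds, pinning base image versions, keeping the runtime image minimal, and not running as root); it is not code from the talk or its speaker. The Go service, stage names, and the exact image tags are assumptions chosen for illustration.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not from the talk. The application (a hypothetical Go service
# under ./cmd/app) and the image tags below are constructed for illustration.

# --- Build stage: full toolchain, pinned to an exact tag rather than "latest" ---
# Pinning makes base-image updates a deliberate, reviewable change instead of a
# surprise on the next build. For stronger guarantees, append the image digest
# (FROM golang:<tag>@sha256:<digest-from-your-registry>) once you have verified it.
FROM golang:1.22.5-bookworm AS build
WORKDIR /src

# Copy dependency manifests first so the download layer is cached and only
# rebuilt when go.mod/go.sum change; each instruction below is its own layer.
COPY go.mod go.sum ./
RUN go mod download

COPY . .
# Static binary: no libc or other shared libraries need to exist in the runtime image.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# --- Runtime stage: minimal base with no shell or package manager ---
# The compiler, source tree, and module cache from the build stage never reach
# this image, which shrinks both its size and the set of packages a scanner
# will report against.
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/app /app

# Run as the unprivileged user the base image already defines instead of root.
USER nonroot:nonroot
EXPOSE 8080
ENTRYPOINT ["/app"]
```

Build it with `docker build -t app:dev .`, then inspect the result: `docker history app:dev` shows the individual layers that made it into the final image (the build stage's layers are absent), and running your image scanner of choice against `app:dev` gives a much shorter finding list than scanning the `golang` build image would. Note that the non-root user and minimal base only help if the container is also started without `--privileged`; that flag hands the container broad host capabilities regardless of what the Dockerfile declares, so treat it as an exception that needs a documented reason.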