Container Security: Fundamental Technology Concepts that Protect Containerized Applications

To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know whether the deployment is secure? This practical book examines the key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions. Author Liz Rice, VP of open source engineering at Aqua Security, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started.

Book contents:

  1. Container Security Threats
  2. Linux System Calls, Permissions, and Capabilities
  3. Control Groups
  4. Container Isolation
  5. Virtual Machines
  6. Container Images
  7. Software Vulnerabilities in Images
  8. Strengthening Container Isolation
  9. Breaking Container Isolation
  10. Container Network Security
  11. Securely Connecting Components with TLS
  12. Passing Secrets to Containers
  13. Container Runtime Protection
  14. Containers and the OWASP Top 10
  15. Conclusions
  16. Security Checklist