Six practical tips for securing your container-based deployment
Protecting against common attack vectors like SQL injection.
- Golang static analysis - GoASTScanner/gas
- List of static analysis tools
- source{d} are doing really interesting things with machine learning on source code and guided review
Protecting you from leaving your connections unsecured.
Protecting you from known exploits.
Minimizing your attack surface to reduce the likelihood of both known and unknown vulnerabilities being present.
- A Container OS comparison
- CIS Docker benchmark and docker-bench
- CIS Kubernetes benchmark and kube-bench
Limiting the potential effect of an attack.
- Avoid running as root: canihasnonprivilegedcontainers
- Jess Frazelle on the privileged flag
Protecting you from attacks that cause your containers to behave in unexpected ways.
- Default Docker AppArmor and seccomp profiles
- Aqua's runtime protection
- xkcd on security advice and SQL injection
- GDPR regulations
- PCI standards