Hello,
The next talk will be in English.
After a bit of discussion we'll do an experiment: a talk in English by a native German speaker (see below). If you are a potential future speaker, this shouldn't discourage you from sending me a DM/PM with a suggestion for a talk. Talks in German are still fine.
TLDR:
Title: "OWASP Docker/Container Top 10"
Speaker: Dirk Wetter
Location: XING, 8th floor
Start: 6:30 pm
Place for networking afterwards: TBD
Abstract:
Docker and containerization in general offer several advantages for developers: They fit better into software development processes. They enable fast, reproducible deployments and, when done properly, the same container can run in either a test or a production environment with a single change. Also, sysadmins are not stopping developers' zest for action.
As far as security is concerned, Docker itself provides several security advantages. However, containerization technology is not as straightforward once you run more than one container. It becomes more complex to handle as the attack surface grows. A typical mistake is that developers get blinded by the ease of use and neglect to look beyond their container, or that security features are simply not being used.
In addition, marketing gives you the feeling that without containerization your IT stinks, and it downplays the risk.
So, what now?
To avoid security pitfalls and to have a solid security baseline, a proper fundamental approach is needed.
This is the point where the Docker OWASP Top 10 (WIP) chimes in. Using a threat-modeling approach, the attack surface is defined first and, based on that, 10 bullet points are presented as controls. They range from important do's and don'ts to advanced controls which can be used to tighten security further.
OWASP Stammtisch in General
Our meeting is about web applications and their (in)security and/or about IT security in general. It brings together people who care about information security, as a hobby or in their job: developers, managers, pentesters and everybody else who's interested. The atmosphere is open and relaxed. If you're coming to sell products or services: move on, this is not the right place. OWASP is about education and sharing (mostly) technical information.
Feel free to forward our meetup information to your colleagues or friends. They are welcome, too. Participation is free and open -- as the O in OWASP.
Cheers, Dirk