How to find and fix Docker container vulnerabilities in 2020


Containerization allows engineering teams to create a sandbox environment in which to run and test applications. But the open-source images those containers are built from may contain vulnerabilities that jeopardise the security of the container and, in turn, of its host computer or server. By Dipto Karmakar.

A good example of such an attack is the cryptojacking incident that targeted Tesla's unprotected Kubernetes cluster. In this attack, the attackers were able to download and run a malicious script that mined cryptocurrency using GPUs provided by Tesla's K8s (Kubernetes) cluster. They kept the attack under the radar by keeping CPU usage to a minimum and by running the script only at specific time intervals.

The article describes:

  • Common container vulnerabilities and how to fix them
  • How to find container vulnerabilities
    • Using Docker Bench for Security
    • Scanning for vulnerabilities in GCR
    • Using Enterprise-Grade Solutions

Containers make it possible for engineering teams to roll out software seamlessly. However, this ease comes at the cost of security. The article also provides plenty of links to further reading. Nice one!


Tags: containers, docker, infosec