Monday, June 23, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Application Security Cloud Security DevOps Security Bloggers Network 

Home » Cybersecurity » Application Security » Mastering Container Security: Docker, Kubernetes and More

SBN

Mastering Container Security: Docker, Kubernetes and More

by Tripwire Guest Authors on September 12, 2018

Bolting on security after the fact. It’s been a common approach to software security for decades.

We architect, build code, deploy it and then figure out how to secure it. From the parade of application-related breaches and data thefts over the last few years, we pretty much know this approach does not work.

Techstrong Gang Youtube
AWS Hub

Fortunately, the evolution of continuous deployment and DevOps, when coupled with the use of containers, offers great potential to improve application security.

Automated build pipelines provide the opportunity to include security checks into the build process, applying a range of tests to ensure every time we check in code that there is a single process to validate the application for functionality and security.

Static analysis, composition analysis, dynamic analysis, custom tests for keys and credentials and other simple solutions are available commercially and in open-source. This helps us make the code secure and obviates the need for some external security controls. These tools help you ‘look inside’ containers during the build process and validate content and function so the container has security built in regardless of where it is run.

Automation ensures these tests occur quickly and results are integrated into trouble-ticketing systems and source code control. Once validated, code is placed into secure registries. As a result, only trusted code makes it into production, thereby helping to avoid ‘pre-owned’ images from the Internet.

Containers are not commonly considered an advancement for security. With the move to micro-services, we are breaking down monolithic applications into simpler, easier to manage, and easier to scale components. An application essentially becomes a collection of loosely coupled services.

Containers are an ideal medium for this conversion, as they let us wrap a simple service into a consistent unit of delivery. If you think about it, this helps with security, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/devops/container-security-docker-kubernetes/

September 12, 2018September 13, 2018 Tripwire Guest Authors Cloud, containers, DEVOPS, Docker, Kubernetes
  • ← What Cloud Migration Means for Your Security Posture
  • What the Healthcare Industry Needs: Cybersecurity Pros →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report
US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency
Is Your CISO Ready to Flee? 
16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat
Scattered Spider Targets Aflac, Other Insurance Companies
How the New HIPAA Regulations 2025 Will Impact Healthcare Compliance
Your passwords are everywhere: What the massive 16 billion login leak means for you
Understanding EchoLeak: What This Vulnerability Teaches Us About Application Security | Impart Security
AI Security Guide: Protecting models, data, and systems from emerging threats
The $4.88 Million Question: Why Password-Based Breaches Are Getting More Expensive

Industry Spotlight

Scattered Spider Targets Aflac, Other Insurance Companies
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

Scattered Spider Targets Aflac, Other Insurance Companies

June 22, 2025 Jeffrey Burt | Yesterday 0
US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency
Analytics & Intelligence Blockchain Cyberlaw Cybersecurity Data Privacy Digital Currency Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency

June 20, 2025 Richi Jennings | 3 days ago 0
Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks
Blockchain Cloud Security Cybersecurity Data Security Digital Currency Featured Identity & Access Incident Response Industry Spotlight Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks

June 18, 2025 Jeffrey Burt | Jun 18 0

Top Stories

16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat
Cloud Security Cybersecurity Data Privacy Data Security Endpoint Featured Identity & Access Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat

June 22, 2025 Jeffrey Burt | Yesterday 0
AWS Raises Expertise Bar for MSSP Partners
AI and Machine Learning in Security Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

AWS Raises Expertise Bar for MSSP Partners

June 22, 2025 Michael Vizard | Yesterday 0
Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report
Cybersecurity Featured News Security Boulevard (Original) Social - X Spotlight 

Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report

June 19, 2025 Jon Swartz | 4 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Exoplanet System’

Randall Munroe’s XKCD ‘Exoplanet System’

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×