Offering more than just another buzzword, containers have become one of the biggest trends in software development over the past three years. Developers love their ability to package, test, and deploy their code without the hurdles that can come with moving from one environment to another. Leading the pack in the container game has been Docker, whose trademark blue whale logo has become synonymous with container technology. However, despite its popularity, security is still a concern for developers, with Docker vulnerabilities out in the wild that can put your product at risk.
Containers come with a number of security advantages that give them an edge over applications deployed directly on a conventional operating system or even in virtual machines (VMs).
Docker Vulnerabilities: Container Security 101
For starters, containers are isolated software units, which makes it harder for malicious actors to move from one vulnerability in a containerized application to another, or into the OS itself. Docker uses resource isolation features of the Linux kernel, such as kernel namespaces and cgroups, that allow independent containers to run within a single Linux instance.
Second, Docker containers are small and generally focused software units that, by design, expose few open ports that can be compromised and offer few places to hide more complex malware.
All that said, there are still ways that hackers can escape the confines of a container through a container breakout flaw and gain access to other parts of your machine or infrastructure, but more on that later when we talk about the recent runC vulnerability that caught plenty of headlines in February 2019. Moreover, even as their small size presents a more confined attack surface, their diffuse nature means that there are more (Read more...)
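The namespace and cgroup isolation described above only holds if a container is actually started with it intact. As an added example (not code from the original post or from Docker), the following audit reads `docker inspect` JSON and flags the HostConfig settings that weaken that isolation: privileged mode, sharing the host's pid/net/ipc namespaces, added capabilities such as SYS_ADMIN, a mounted Docker socket or host root, and a missing cgroup pids limit. The sample inspect output is constructed for the example.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields this
# audit reads; it is not data from the original post.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/web",
        "HostConfig": {
            "Privileged": False, "PidMode": "", "NetworkMode": "bridge",
            "IpcMode": "private", "CapAdd": None, "CapDrop": ["ALL"],
            "ReadonlyRootfs": True, "PidsLimit": 200,
            "Binds": ["/srv/web:/usr/share/nginx/html:ro"],
        },
    },
    {
        "Name": "/ci-runner",
        "HostConfig": {
            "Privileged": True, "PidMode": "host", "NetworkMode": "host",
            "IpcMode": "host", "CapAdd": ["SYS_ADMIN"], "CapDrop": None,
            "ReadonlyRootfs": False, "PidsLimit": 0,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        },
    },
])


def audit_container(entry):
    """Return the list of isolation weaknesses found in one inspect entry."""
    hc = entry.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices exposed")
    # Each "host" mode drops one of the kernel namespaces the text relies on.
    for key, label in (("PidMode", "pid"), ("NetworkMode", "net"), ("IpcMode", "ipc")):
        if hc.get(key) == "host":
            findings.append(f"shares host {label} namespace")
    for cap in hc.get("CapAdd") or []:
        if cap.upper() in ("SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "ALL"):
            findings.append(f"dangerous capability added: {cap}")
    for bind in hc.get("Binds") or []:
        src = bind.split(":")[0]
        if src.startswith("/var/run/docker.sock") or src == "/":
            findings.append(f"sensitive host path mounted: {src}")
    if not hc.get("PidsLimit"):  # 0 or missing means the pids cgroup is unlimited
        findings.append("no pids limit (cgroup fork-bomb protection off)")
    return findings


def audit_inspect_json(text):
    """Map container name -> findings for every entry in `docker inspect` JSON."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in json.loads(text)}
```

To run it against live containers, pipe the output of `docker inspect $(docker ps -q)` into `audit_inspect_json`.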
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-5-docker-vulnerabilities