Session

Everything you need to know about containers security

Security is important, but not everyone cares about it until something bad happens. In this talk, I'll cover the main tips for integrating security into containers. I will share my knowledge and experience and help people learn to focus more on container security.
In this talk I will review the state of the art of application security practices and talk about best security practices for creating more secure containers. We will look at organizational, process, and technology innovations that secure applications in ways that incorporate, but go beyond, testing for vulnerabilities, by looking at what developers can do before checking in code and what application security looks like in production.

These could be the main talking points:

- How to integrate security into iteration and pipeline application development.

Integrating security into iteration and pipeline application development involves automating as many security tests as possible so that they run alongside all other automated tests. These tests should be performed on every code commit, even in the earliest stages of a software project.

- How to integrate preventive security controls into shared source code repositories and shared services.

Shared source code repositories allow anyone to discover and reuse the collective knowledge of the organization, not only for code, but also for toolchains, the deployment pipeline, and security. Security information should include mechanisms or tools for safeguarding applications and environments, such as specific libraries for security support. It is also important to put security artifacts into the version control system that containers use for detecting vulnerabilities in specific third-party libraries.

- How to secure your development environments.

It is important to ensure that all environments minimize security risk. This involves generating automated tests to ensure that all appropriate settings have been correctly applied for configuration hardening, database security, key lengths, and so on. It also involves using tests to scan environments with a security vulnerability scanner.

Jose Manuel Ortega

Software engineer & Security Researcher
