Docker is now part of everyday development, yet security is often treated as an afterthought. This session focuses on the real security risks developers introduce—often unknowingly—when building and running containers.

The talk covers common Docker mistakes seen in production, such as insecure base images, running containers as root, leaking secrets, and bloated images that expand the attack surface. It explains why these issues matter and how attackers actually exploit them.

Most importantly, the session shows practical, developer-friendly techniques to build secure Docker images without slowing down development. The goal is simple: help developers write Dockerfiles that are production-ready, secure by default, and aligned with modern DevOps and security expectations.