The three container security golden rules
As containers have become a standard for IT applications, enumerating a few security best practices is now a business need. I’ve therefore defined three golden rules to keep in mind before pushing a new production image to your company’s container repository.
I. Careful with shared volumes you will be
Unlike a virtual machine, a Docker container uses the host kernel directly, so in the event of a kernel vulnerability, restricted permissions on shared resources won’t protect you from an attacker. For example, the Dirty Cow vulnerability [1] is still used to get root access on stock Android ROMs up to Nougat [2]. I won’t make a video on how to exploit this vulnerability, but if you’re interested, you can find a very detailed blog post on the Aqua Security blog [3].
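As an added example (not code from the original post), here is a small audit over `docker inspect` output that lists every bind mount from the host and keeps read-only mounts of sensitive paths on the list, because the read-only flag is enforced by the same shared kernel. The sensitive-path list, the severity labels and the sample JSON are assumptions constructed for illustration.

```python
import json
import posixpath

# Host paths this example treats as sensitive (an assumption; adapt to your hosts).
SENSITIVE_PREFIXES = ("/etc", "/proc", "/sys", "/dev", "/boot", "/root",
                      "/usr", "/bin", "/sbin", "/lib",
                      "/var/run/docker.sock", "/run/docker.sock")

def is_sensitive(source):
    """True if the host path is '/' or sits at/under a sensitive prefix."""
    src = posixpath.normpath(source)
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_PREFIXES)

def audit_mounts(inspect_json):
    """Return (container, host_path, severity) for every bind mount."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        for m in container.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # named volumes are not host paths chosen by the operator
            if not is_sensitive(m["Source"]):
                severity = "low"
            elif m.get("RW", True):
                severity = "high"
            else:
                # Read-only is enforced by the shared host kernel, so a kernel
                # bug can defeat it: still report it instead of treating it as safe.
                severity = "medium"
            findings.append((name, m["Source"], severity))
    return findings

# Constructed sample in the shape of `docker inspect <container>...` output.
SAMPLE = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": False},
        {"Type": "volume", "Name": "webdata", "Destination": "/data", "RW": True,
         "Source": "/var/lib/docker/volumes/webdata/_data"}]},
    {"Name": "/ci", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True},
        {"Type": "bind", "Source": "/srv/app/uploads", "Destination": "/uploads", "RW": True}]},
])

if __name__ == "__main__":
    for name, path, severity in audit_mounts(SAMPLE):
        print(f"{severity:6} {name:4} {path}")
```

On a real host, feed it the JSON printed by `docker inspect` for the running containers instead of `SAMPLE`.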