A few weeks ago we released Aqua MicroScanner, a free vulnerability scanner that you can embed into the dockerfile and automate scanning during image build.
Last week, Michael Hanselmann published details of a remote code execution vulnerability (CVE-2018-8115) that impacts Docker for Windows. As he described it: “Docker for Windows uses the Windows[…]
In a previous post, we explored six tools for storing data for Docker containers. Another challenge in container environments is getting containers to network in a consistent and secure manner -[…]
In late 2016 we enlisted the help of security analysts and thought leaders Securosis to perform an in-depth best practices analysis of what companies should do to build a security program around[…]
Continuous integration and continuous delivery (CI/CD) are two of the biggest trends in software development. As companies move to release higher quality software at a faster pace, developers and[…]
This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker[…]
From a “humble” $762 million in 2016, containers are predicted to grow faster than any other technology this year (as well as the next) and are on the way to become a $2.7B industry by 2020.
Last week McKinsey & Company named container technology and DevOps as two of the top Ten trends redefining enterprise IT infrastructure and for good reason. No longer considered as “bleeding[…]
In just about a week we will be live on stage at BlackHat 2017 with this tersely titled talk: Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and[…]