Aqua Blog

Docker Security

Taking a Comprehensive Approach to Container Security in 2018 

In late 2016 we enlisted the help of security analysts and thought leaders Securosis to perform an in-depth best practices analysis of what companies should do to build a security program around containers. In the 14 months that passed, many things have evolved in the container (and now, cloud-native) ecosystem. So …

10 Essential Container CI/CD Tools

Continuous integration and continuous delivery (CI/CD) are two of the biggest trends in software development. As companies move to release higher quality software at a faster pace, developers and engineers need new approaches to building, testing, and delivering products. As a result, many companies are turning to …

Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack

This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker daemon unsecured any more than you would leave your mail server unsecured.

We’ve heard many accounts of attempted (sometimes …

5 Essential Docker Storage Tools

Storage has been a hot topic for as long as containers have been around. According to a survey by Portworx, 26% of IT pros cite persistent storage as the most difficult challenge in adopting containers, and 44% blame inadequate tools as the main reason. Although containers are stateless by design, the need to store …

2017 in Review: Major Developments in the Container Ecosystem

From a “humble” $762 million in 2016, containers are predicted to grow faster than any other technology this year (as well as the next) and are on the way to becoming a $2.7B industry by 2020.

Container Technology Wiki – Your Container Knowledge Hub

Last week McKinsey & Company named container technology and DevOps as two of the top ten trends redefining enterprise IT infrastructure, and for good reason. No longer considered “bleeding edge”, containers, combined with DevOps, are revolutionizing the way applications are built and deployed. In a recent survey …

BlackHat 2017: Multi-Stage Attack Targeting Container Developers

In just about a week we will be live on stage at BlackHat 2017 with this tersely titled talk: Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers, and we are very excited.

DockerCon 2017: Moby, LinuxKit, Linux Containers on Windows, and More

Last week I attended DockerCon along with many of my colleagues at Aqua. It was a great event, with over 5,000 attendees, making it the biggest DockerCon ever. Also, this year 20% of attendees were women - still room for improvement, but we’re on the right track. As usual, it was packed with interesting announcements …

Don't Leave Your Keys Exposed: Lessons from IBM Privilege Escalation Flaw

Would you ever give your keys to a stranger? That’s exactly what someone at IBM did: they left private keys to the Docker host environment in IBM’s Data Science Experience service accessible to the outside world. Wayne Chang, the security consultant who found this, explains in his original report:

Set DevSecOps in Motion with Minimal Commotion

DevOps professionals continue to believe they can’t do their jobs properly because security slows down operations. Security pros, meanwhile, have largely failed to integrate security measures into DevOps initiatives, resulting in unproductive friction.

CVE-2016-9962: Run Container Run

RunC Like the Wind

Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug found in opencontainers' runc code, which is used by several container engines, including Docker.
