7–9 November 2016: Conference & Tutorials
9–10 November 2016: Training
Amsterdam, The Netherlands

Docker and microservices security

Adrian Mouat (Container Solutions)
9:30–13:00 Wednesday, 9/11/2016
Reimaging DevOps, security, and infrastructure DevOps, Security G102/103 Audience level: Intermediate
Average rating: ***..
(3.75, 8 ratings)

Prerequisite knowledge

  • Basic Docker knowledge
  • A general understanding of how to start and run containers

Materials or downloads needed in advance

  • A WiFi-enabled laptop with access to SSH (You'll be provided with a login to a cloud VM and need to be able to SSH into this machine. It's not possible to follow along on a local instance due to the need to download large images.)

What you'll learn

  • Understand the different ways in which a container can be compromised and the various methods that can be employed to protect containers

Description

Adrian Mouat demonstrates how to secure a modern, microservice-based system. You’ll start by running and hacking into a vulnerable system before switching roles and using various Docker tools and features to protect the system. While the tutorial focuses on Docker, the patterns and information can help secure any production container system.

Topics include:

  • Creating and running a simple container-based service
  • Switching roles to attack and compromise the service
  • Looking at how to respond to an attack
  • Investigating various ways to improve the security of the system, including scanning images for vulnerabilities and limiting the privileges of running containers
Photo of Adrian Mouat

Adrian Mouat

Container Solutions

Adrian Mouat is the chief scientist for Container Solutions, a pan-European services company that specializes in Docker and Mesos. Adrian has recently developed a Docker-based PaaS solution for a hosting company. He has written several successful blogs on Docker and is the author of the O’Reilly book Using Docker: Developing and Deploying Software with Containers. Adrian is a member of the Docker Captains program.