no-meltdown
Resources for "Don't Have A Meltdown"
Six practical tips for securing your container-based deployment
Static analysis
Protecting against common attack vectors like SQL injection.
- Golang static analysis - GoASTScanner/gas
- List of static analysis tools
- source{d} are doing really interesting things with machine learning on source code and guided review
TLS scanning
Protecting you from leaving your connections unsecured.
Image scanning
Protecting you from known exploits.
Container OS
Minimizing your attack surface to reduce the likelihood of both known and unknown vulnerabilities being present.
- A Container OS comparison
- CIS Docker benchmark and docker-bench
- CIS Kubernetes benchmark and kube-bench
Limit bind mounts & privileges
Limiting the potential effect of an attack.
- Avoid running as root: canihasnonprivilegedcontainers
- Jess Frazelle on the privileged flag
Runtime protection
Protecting you from attacks that cause your containers to behave in unexpected ways.
- Default Docker AppArmor and seccomp profiles
- Aqua's runtime protection
See also
- xkcd on security advice and SQL injection
- GDPR regulations
- PCI standards