Resources for "Don't Have A Meltdown"

Six practical tips for securing your container-based deployment

Static analysis

Protecting against common attack vectors like SQL injection.

• Golang static analysis - GoASTScanner/gas
• List of static analysis tools
• source{d} are doing really interesting things with machine learning on source code and guided review

TLS scanning

Protecting you from leaving your connections unsecured.

• testSSL

Image scanning

Protecting you from known exploits.

• Docker Enterprise Edition image scanning
• MicroScanner

Container OS

Minimizing your attack surface to reduce likelihood of both known and unknown vulnerabilities being present.

• A Container OS comparison
• CIS Docker benchmark and docker-bench
• CIS Kubernetes benchmark and kube-bench

Limit bind mounts & privileges

Limiting the potential effect of an attack.

• Avoid running as root: canihasnonprivilegedcontainers
• Jess Frazelle on the privileged flag

Runtime protection

Protecting you from attacks that cause your containers to behave in unexpected ways.

• Default Docker AppArmor and seccomp profiles
• Aqua's runtime protection

See also

• xkcd on security advice and SQL injection
• GDPR regulations
• PCI standards