Top 22 Docker Security Best Practices: Ultimate Guide

Aqua Cloud Native Blog \ Categories: CONTAINER SECURITY

CONTAINER SECURITY
Top 22 Docker Security Best Practices: Ultimate Guide
While Docker has become synonymous with containers, various container tools and platforms have emerged to make the process of developing and running containers more efficient. Still, a lot of the same principles around Docker security apply for protecting container-based applications built with other tools as well. We compiled 20 essential Docker security best practices into …
Read more
CONTAINER SECURITY
Boosting Container Security with Rootless Containers
If there is a single best practice for container security, it is to avoid running containers as root. Rootless containers are making this much easier – almost effortless, even. In this blog, I’ll talk about why you should be avoiding root in containers, what rootless containers are, and how they are going to help.
Read more
CONTAINER SECURITY
Scan Container Images for Vulnerabilities & Hidden Malware with Aqua Wave
With an ever-evolving threat landscape, bad actors increasingly target container infrastructure, installing sophisticated malware into images that changes its behavior to evade detection. As static scanning is not designed to spot such advanced threats, it’s critical to perform dynamic analysis to detect suspicious behavior in real time.
Read more
CONTAINER SECURITY
Dynamic Threat Analysis for Container Images: Uncovering Hidden Risks
Container images are a growing path for external code to enter an organization. Docker has simplified image workflow in order to encourage adoption by developers, so anyone can pull and run images that were built and pushed to Docker Hub, often by unknown individuals. This is being exploited by malicious actors to embed sophisticated malware …
Read more
CONTAINER SECURITY
Tracee: Tracing Containers with eBPF
This week at Velocity Berlin, I’ll be giving a talk called A Beginner’s Guide to eBPF. To coincide with it, we’re opening up a new Aqua Security open source project called Tracee, which uses eBPF to trace events in containers. This isn’t something that most developers need to do on a day-to-day basis, but for those …
Read more
CONTAINER SECURITY
Scanning Image Layers, Prometheus, and Harbor Integrations
One of the key challenges in container image scanning is understanding where a vulnerability originated in an image, and who can fix it. Image layers allow us to do that, and Aqua’s scanner now allows us to pinpoint discovered vulnerabilities to a specific layer.
Read more
CONTAINER SECURITY
Amazon Firecracker: Isolating Serverless Containers and Functions
Infrastructure protection, sandboxed containers, MicroVM hypervisors– these are interchangeable terms describing emerging technologies to isolate micro-services from their underlying infrastructure. These isolation technologies aim to protect the underlying host that runs containers and functions against malicious escape and breakout attempts into other targets on the same host or on the shared infrastructure. They attempt to provide VM-level isolation …
Read more
CNAPP, CONTAINER SECURITY
Istio: The Enterprise Upgrade Path to Microservices
Istio, Google’s open source project for large scale, containerized application management was released in May 2017 and has undergone rapid development since then, culminating in the landmark 1.0 release in July 2018. In this blog post we will be exploring what Istio is, how it works and how to adopt it. In subsequent articles in …
Read more
CONTAINER SECURITY
“Thin OS” Security for Container Hosts
In the spectrum of deployment options available for cloud native applications, the most widely used option, at least presently, is running containers on VMs that use the Linux operating system (or less frequently, bare-metal servers running Linux).
Read more
CONTAINER SECURITY
Securing ISV-Provided Container Images
Containers make it very easy to package and deliver applications, so it’s not surprising that many ISVs (Independent Software Providers) are leading the trend of packaging their software, whether it’s commercial off-the-shelf (COTS) or custom-developed code, as container images. These images are then fed into the enterprise customer’s CI/CD pipeline, and are often treated in …
Read more
CONTAINER SECURITY
Preventing Container Breakouts with Dynamic System Call Profiling
Recently, IBM researchers weighed in on container isolation, having developed an algorithm for measuring how well it works, and reached the conclusion that “a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor.“
Read more
CONTAINER SECURITY
AWS Fargate Security with Sidecars
A few months ago we launched the Aqua MicroEnforcer, the first solution for providing runtime protection to a container running in Containers-as-a-Service platforms like AWS Fargate or Azure Container Instances. The mechanism I wrote about at the time involved building a protected version of a container image being deployed, by adding the MicroEnforcer executable into …
Read more
Page 2 of 4‹ Prev1234Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links