SecDevOps in Docker IBM Cloud: Top 5 Security tips for Integrity


  • A few of points that less of people concerns about – or even implement it – but that might eventually harm the Application or event the Business by itself. Today is about Security.

  • Below I am going to list the Top 5 Security Matters for a Stable and Secure Containerization in IBM Cloud repository. Look at that and enjoy:

1 – Kernel Expoitation

Different than a Virtual Machine, where Hypervisor does not share the same Kernel as it’s Host, the kernel is shared between all the containers inserted at same Host. It increases the pervasiveness exploitation.

Recommendation: Keep Patch Management Up to Date.

2 – Denial-of-Service Attacks

Since all containers within same Host shares the same kernel’s resrouces, if one container monopolizes the resources’s access, including memory or even UIDs, the exposure of lack of resources to others container may unleash a DoS.

Recommendation: Make sure containers are one-directional to access resources and create Keys to communicate between them.

3 – Hacking Containers

The premise is: A hacker must not access the Host through Container breakout.

Recommendation: Do not use root in the Container, because he will be root on Host.

4 – Images Integrity

How do you know and make sure the images are not poisoned?

Recommendation: Make sure the namespaces IBM Cloud are used all time on every commit as well.

5 – Application Data Leak

When a container accesses some database or service, usually uses a password and username for.

Recommendation: Use an isolate container for Data and don’t leave it running, Use as well keys not explicit in Dockerfiles during it’s build.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair /  Alterar )

Foto do Google

Você está comentando utilizando sua conta Google. Sair /  Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )

Conectando a %s