HackDig : Dig high-quality web security articles for hacker

Image Scanning with Github Actions

In this blog post, you will learn how to setup image scanning with Github Actions using Sysdig Secure DevOps Platform. We will create a basic workflow to perform a local scan to detect vulnerabilities and bad practices before the image is pushed to any registry. We will also customize scanning policies to stop the build according to a set of defined rules.
Publish At:2020-01-14 23:50 | Read:173 | Comments:0 | Tags:Sysdig Secure Docker Github Github Actions Kubernetes

Why Running a Privileged Container in Docker Is a Bad Idea

By David Fiser and Alfredo Oliveira Privileged containers in Docker are, concisely put, containers that have all of the root capabilities of a host machine, allowing the ability to access resources which are not accessible in ordinary containers. One use case of a privileged container is running a Docker daemon inside a Docker container; another is where the
Publish At:2019-12-20 14:35 | Read:390 | Comments:0 | Tags:Cloud Container Security Docker Privileged Container

TROOPERS20 Training Teaser: Swim with the whales – Docker, DevOps & Security in Enterprise Environments

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers, DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You’re gonna find out in our training! We are going to start with the basics of Docker, Containers and DevO
Publish At:2019-12-02 05:15 | Read:495 | Comments:0 | Tags:Misc DevOps Docker K8 kubernetes TROOPERS TROOPERS20

Graboid Cryptojacking Worm Has Struck Over 2K Unsecured Docker Hosts

Researchers discovered a new cryptojacking worm called “Graboid” that has spread to more than 2,000 unsecured Docker hosts.In its research, Palo Alto Networks’ Unit 42 team noted that it’s the first time it’s discovered a cryptojacking worm specifically using containers in the Docker Engine for distribution. (It’s not the
Publish At:2019-10-18 10:10 | Read:417 | Comments:0 | Tags:IT Security and Data Protection Latest Security News cryptoj

“TorWitness” Docker Container: Automated (Tor) Websites Screenshots

The idea of this Docker container came after reading the excellent Micah Hoffman’s blog post: Dark Web Report + TorGhost + EyeWitness == Goodness. Like Micah, I’m also receiving a daily file with new websites discovered on the (dark|deep) web (name it as you prefer). This service is provided by @hunchly Twitter account. Once a day, you get an XLS
Publish At:2017-10-25 15:50 | Read:3455 | Comments:0 | Tags:Docker Software Tor Website

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximatively one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:2763 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

Docker Enterprise Edition Now on G-Cloud 9 Framework

  Docker Enterprise Edition (EE) has been accepted to G-Cloud 9, further exemplifying Docker’s commitment to delivering tools for application modernization and innovation across the UK public sector. G-Cloud 9 is the UK government’s latest framework that is designed to simplify and accelerate adoption of cloud-based services within the public sector. The inc
Publish At:2017-06-06 08:45 | Read:3623 | Comments:0 | Tags:Docker Orchestration Partners Releases Security docker Docke

Get all the Docker talks from Tech Field Day 12

As 2016 comes to a close, we are excited to have participated in a few of the Tech Field Day and inaugural Cloud Field Day events to share the Docker technology with the IT leaders and evangelists that Stephen Foskett and Tom Hollingsworth have cultivated into this fantastic group.  The final event was Tech Field Day 12 hosting in Silicon Valley. In case you
Publish At:2017-05-24 19:06 | Read:3164 | Comments:0 | Tags:Docker Education Engine Events Networking Security docker fo

Tips for Troubleshooting Apps in Production with Docker Datacenter

If you have been using Docker for some time, after the initial phases of building Dockerfiles and running a container here and there, the real work begins in building, deploying and operating multi-container applications in a production environment.  Are you operationally ready to take your application to production? Docker Datacenter provides an integrated
Publish At:2017-05-24 19:06 | Read:4169 | Comments:0 | Tags:Docker Engine Orchestration Security docker datacenter docke

Introducing Docker Secrets Management

Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in
Publish At:2017-05-24 19:05 | Read:3825 | Comments:0 | Tags:Docker Engine Engineering Security Container Security Docker

Announcing LinuxKit: A Toolkit for building Secure, Lean and Portable Linux Subsystems

  Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied: from cloud platforms such as AWS, Azure, Google Cloud, to server platforms such as Windows Server, desktop platforms that their developers used such as OSX and Windows 10, to mainframes an
Publish At:2017-05-24 19:05 | Read:3735 | Comments:0 | Tags:Docker DockerCon Engine Engineering Networking Releases Secu

Docker Enterprise Edition Brings New Life Back to Legacy Apps at Northern Trust

Many organizations understand the value of building modern 12-factor applications with microservices. However, 90+% of applications running today are still traditional, monolithic apps. That is also the case for Northern Trust – a 128-year old financial services company headquartered in Chicago, Illinois. At DockerCon 2017, Rob Tanner, Division Manager
Publish At:2017-05-24 19:05 | Read:3492 | Comments:0 | Tags:Docker DockerCon Security Docker EE Docker Enterprise Editio

Common Solutions for DevOps and Discrete Manufacturing

Near the bleeding edge of technology, there’s a lot of talk (and work) around DevOps and the use of containers for delivering services. This is a fast-paced environment where services are spun up and down to meet demand in an elastic cloud and code is shipped to production multiple times a day. It’s also an area where security is far from ‘figured out,’ but
Publish At:2017-03-08 04:11 | Read:4090 | Comments:0 | Tags:Featured Articles ICS Security DevOps Docker security

Understanding how Kubernetes DNS Services work

Kubernetes allows you to create container groups and define services on top of them. Kubernetes assigns each service a virtual static IP address routable within the cluster, so any connection that reaches this IP address will be automatically routed to one of the containers in the group. The benefit of using services is that you are able to access the fun
Publish At:2017-01-19 23:00 | Read:4358 | Comments:0 | Tags:Uncategorized Sysdig docker Kubernetes

On Monoliths, Kubernetes, and Monitoring: Transitioning to Docker at Major League Soccer

Earlier this week at Tectonic Summit hosted by CoreOS, we heard Brian Aznar speak about his experience migrating to Docker and Kubernetes, and how his monitoring strategy changed as well. Brian is the director of engineering for Major League Soccer. Brian was interviewed by Loris Degioanni, founder of Sysdig. Below is the text of the conversation, slight
Publish At:2017-01-19 23:00 | Read:4663 | Comments:0 | Tags:Uncategorized Sysdig Cloud docker Kubernetes containers MLS

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud