Conference Venue: RAI Amsterdam, Europaplein 24, 1078 GZ Amsterdam, The Netherlands

Thursday, September 26 • 4:05pm - 4:50pm
OWASP Docker Top 10

Docker and containerization in general offer several advantages for developers: they fit well into software development processes, they enable fast development cycles and reproducible deployments, and with little change the same container can run in either a test or a production environment. Last but not least, it always seems a cool thing for developers. Some DevOps marketing companies realized that, telling you your business will fall behind if you're not in the container business, as the "time to market" is just too long.

So far, so good. Or not? A catch is that the average developer is no expert in system and network security. Container security is a system and network topic, though. And even if you have system and network security knowledge, you first need to fully understand the technology. Even big players still seem to be on the learning curve, as several research results and incidents in 2018 showed. Containerization technologies like CoreOS and Kubernetes have also shown surprising flaws in the recent past. This mixture of complexity (and/or a failure to acknowledge that it's not KISS) and a lack of system knowledge is not a good starting condition for building and operating a secure container environment.

This is the point where the OWASP Docker Top 10 chimes in. Using a threat-model approach, attack surfaces were defined first. Based on that, 10 controls evolved. The speaker will give an overview of the 10 points and show some practical examples (also bad ones) to demonstrate pitfalls. The OWASP Docker Top 10 is a defender project. It ranges from important dos and don'ts to more advanced controls which could help you make your environment almost bulletproof.

Dirk Wetter

Dirk Wetter (Ph.D.) is an independent security consultant with more than 20 years of professional experience in information security. He has a broad technical and information security management background. He has published over 60 articles in computer magazines. His primary focus...

Thursday September 26, 2019 4:05pm - 4:50pm CEST