Docker & Container Runtimes

Securing containerized node.js applications with Twistlock

Building and deploying secure web applications is a full stack effort. This guide focuses on the server side end of things for a web application in your scripting language of choice. Typically this involves: reducing attack surfaces, keeping everything up to date, and sticking to the principle of least privilege.

This isn’t surprising or new – and in fact operating systems have security oriented capabilities and tools baked in – but the introduction of containers makes it possible to benefit from these tools in a mostly automated zero-configuration way. A tool that is too hard to configure or is too inaccessible ends up not getting used at all. The ability to automate the tedious or error prone tasks results in an application that is more secure.

Related Post:  Distributed data analysis with plain UNIX commands and Docker Swarm

This guide will be using a sample node.js application and a real vulnerability in one of its dependencies to make everything a bit more concrete.

Related Post:  Display a list of available operating systems on Vultr in pretty JSON

Leveraging OS built-in security features

Linux has all of the building blocks necessary to lock down applications: file permissions, SELinux / AppArmor / seccomp. Docker even provides default profiles for AppArmor and seccomp. This should help us with the principle of least privilege but unfortunately those tools aren’t pleasant to work with.

Fortunately we can find out a lot about our application when it is properly containerized. Continue reading

Secure Cloud storage Tahoe LAFS

LinuxBSDos needs your donation to continue!

I hope this article has saved you valuable time and effort to fix a problem that would have taken more time than is necessary. That makes me happy, and why I love doing this. But because more people than ever are reading articles like this with an adblocker, ad revenues have fallen to a level that's not enough to cover my operating costs. That's why I want to ask you a favor: To make a one-time or recurring donation to support this site and keep it going. It's a small favor, but every one counts. And you can make your donation using Patreon or directly via Paypal. Thank you for whatever donation you're able to make.

Donate via Patreon. Donate via Paypal.

Aside from donation, you may also signup to receive an email once I publish new content. Your email will not be shared or traded to anyone. And you can unsubscribe at any time.

Please share:
Tags:

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*