Docker & Container Runtimes

Securing containerized node.js applications with Twistlock

Building and deploying secure web applications is a full stack effort. This guide focuses on the server side end of things for a web application in your scripting language of choice. Typically this involves: reducing attack surfaces, keeping everything up to date, and sticking to the principle of least privilege.

This isn’t surprising or new – and in fact operating systems have security oriented capabilities and tools baked in – but the introduction of containers makes it possible to benefit from these tools in a mostly automated zero-configuration way. A tool that is too hard to configure or is too inaccessible ends up not getting used at all. The ability to automate the tedious or error prone tasks results in an application that is more secure.

This guide will be using a sample node.js application and a real vulnerability in one of its dependencies to make everything a bit more concrete.

Leveraging OS built-in security features

Linux has all of the building blocks necessary to lock down applications: file permissions, SELinux / AppArmor / seccomp. Docker even provides default profiles for AppArmor and seccomp. This should help us with the principle of least privilege but unfortunately those tools aren’t pleasant to work with.

Fortunately we can find out a lot about our application when it is properly containerized. Continue reading

Secure Cloud storage Tahoe LAFS

Subscribe to LinuxBSDos.com

Subscribe to receive the latest articles in your Inbox

I agree to have my personal information transfered to MailChimp ( more information )

Trust me, you'll not be spammed...

Please share:
Tags:

We Recommend These Blockchain Conferences and Servicess

Register now for Blockchain & Decentralized Tech SuperSummit, international conference on blockchain technnology in Dallas, TX (USA), October 30 - November 2, 2018

Learn how to trade cryptocurrencies profitably using technical and fundamental analysis at BDT SuperSummit

Best binary auto trading software reviews by 7binaryoptions.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).


Leave a Comment

Your email address will not be published. Required fields are marked *

*