Docker & Container Runtimes

Securing containerized node.js applications with Twistlock

Building and deploying secure web applications is a full stack effort. This guide focuses on the server side end of things for a web application in your scripting language of choice. Typically this involves: reducing attack surfaces, keeping everything up to date, and sticking to the principle of least privilege.

This isn’t surprising or new – and in fact operating systems have security oriented capabilities and tools baked in – but the introduction of containers makes it possible to benefit from these tools in a mostly automated zero-configuration way. A tool that is too hard to configure or is too inaccessible ends up not getting used at all. The ability to automate the tedious or error prone tasks results in an application that is more secure.

Related Post:  Setting up a RabbitMQ container using Rancher

This guide will be using a sample node.js application and a real vulnerability in one of its dependencies to make everything a bit more concrete.

Related Post:  Provision Dockerized hosts on Vultr with Docker Machine from Linux Mint 18.1, Ubuntu 16.04

Leveraging OS built-in security features

Linux has all of the building blocks necessary to lock down applications: file permissions, SELinux / AppArmor / seccomp. Docker even provides default profiles for AppArmor and seccomp. This should help us with the principle of least privilege but unfortunately those tools aren’t pleasant to work with.

Fortunately we can find out a lot about our application when it is properly containerized. Continue reading

Secure Cloud storage Tahoe LAFS

JOIN OUR NEWSLETTER
Enjoying the article you're reading? Subscribe to our newsletter to receive updates and new articles as soon as they are published - right in your Inbox
We hate spam. Your email address will not be sold or shared with anyone else.
Please share:
Tags:

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*