Questions tagged [docker]
Docker is a popular virtualization solution that provides virtualization within an operating system for reusable packages of software called containers. More information available at docker.com.
209 questions
1 vote
1 answer
115 views
How to securely build code from the internet on my servers?
I need to create a build server which will clone code from GitHub (npm repositories) and then build an OCI image using Buildpack or Nixpack. I am currently researching how to achieve this securely ...
1 vote
0 answers
61 views
Is reducing the webserver stack from Caddy, NGINX and PHP-FPM to only Caddy and PHP-FPM a reduction in layered-security?
I have a situation where a webserver behind a network firewall is run inside of Docker containers. It is set up in this order: Caddy webserver - acts as WAF, GEOIP block, IP blacklist, HTTP Security ...
1 vote
1 answer
183 views
Why are the unsafe challenges in OWASP Juice Shop a security risk in containerized environments? [duplicate]
OWASP Juice Shop is a popular tool for web security training, demos and learning. I am using the provided docker container and hosting it in a dedicated computer. However, there are certain challenges ...
1 vote
0 answers
89 views
What is the difference between enhanced container isolation projects like runq, Kata Containers, Firecracker and gVisor?
I'm diving into different solutions to use (virtual machine based) isolation for containers. I found these promising projects: runq, Kata Containers, Firecracker and gVisor. I think that runq, Kata ...
0 votes
1 answer
172 views
Does it matter (and go widely unnoticed) that GitLab CI+docker-executor produces world-writable files, or do "we" need to raise awareness for that? [closed]
I have a vague feeling that there is a widespread security problem which goes unnoticed. I'm trying to find out how to check the level of relevance and awareness out there or how to maybe raise it. ...
1 vote
0 answers
175 views
Should I house my organization's root CA certificate in public GitHub repository?
We have a public repository of a software that uses Docker container. Anything that runs within the organization sees certificates signed by our org's root CA. For the container to run properly ...
1 vote
0 answers
48 views
Are libc security vulnerabilities in a Python web application actually exploitable in a private cloud environment?
We use a Python web framework and gunicorn library on top of Docker to power a web application with a frontend in a private cloud that can be accessed by a private network. Our security tools report ...
1 vote
1 answer
250 views
Edge browser + Docker: proxy settings for Burp Suite
This is my case: I'm trying DVWA in a Docker container localhost:4280. I want to test this webapp with Burp Suite (which listens to port 8080) and Microsoft Edge browser. I'm on Windows 11. The way to ...
0 votes
1 answer
142 views
Do I need to implement additional security measures for my self-hosted container web app?
Could you please suggest if I need to do anything else to ensure that my server is secure against the most common attacks? Currently it seems fine to me, but I would highly appreciate if someone with ...
-1 votes
1 answer
242 views
How to use `docker secret` to prevent secrets from being seen in plain text by unauthorized individuals
I am exploring how to use docker secrets, but all the secrets are visible in plain text format to anyone who can use the docker command. How do I ensure all secrets are sufficiently protected and not ...
0 votes
0 answers
191 views
Connecting Logstash To Elasticsearch via SSL (Docker Container)
My environment consists of 2 docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME docker network. I am trying to set up SSL between the 2 of them (this ...
1 vote
0 answers
767 views
I do not understand how the standard practice to pass secrets as environment variables to containers is considered as safe? [duplicate]
TL;DR The container's environment variable can be queried many ways, with native docker tools or 3rd party tools. The docker admin user (or any user in the docker group) not necessary dba on a ...
0 votes
1 answer
357 views
Safe or not? Elasticsearch on localhost through Docker
I am learning to run Elasticsearch in a Docker container on a laptop. For a start, I expect running it on localhost. The laptop is connected to the Internet. Is that unsafe? I remember that ipython/...
1 vote
1 answer
312 views
Why is IP forwarding for an ECS instance being flagged as a vulnerability?
I am very new to this and was asked to address some security patches on various ec2 instances in our AWS account. Mostly this was a matter of using the Security Manager to connect to the instance and ...
1 vote
1 answer
271 views
Network security in Docker containers
I am currently involved in enhancing the security of a Docker-based web application. The application follows a traditional three-tier architecture, comprising a web app, an application layer, and a ...