Comments (7)
Thanks!
You're right. Partly, however, it is there, in the threat model at least; see https://github.com/OWASP/Docker-Security/blob/master/001%20-%20Threats.md.
The concrete point belongs to D08. This needs to be filled with content, and it was planned in the spring, when I had more time than I have now. Feel free to start with what you intended, similar to the scheme of the other points which have content. PRs are appreciated.
For k8s: Sigh, yes. What I had in mind is to at least add something like a remark in the respective points, like "you should use a ~proper network policy", "pod security policy" and "not rely on the IMO defaults". So in a sense mention the weak points but do not go too much into detail.
Can this issue be closed?
Hi
I haven't had time to do this, apologies. Yes, close it and at some point I will try to complete it.
I'd rather leave this open at the moment, as on my list was a review of the vector-specific threats and maybe then an addition of specific threats.
@Aut0R3V : if you want to spend some cycles: you could work on a threat map like the one Timo contributed:
https://raw.githubusercontent.com/OWASP/Docker-Security/master/assets/threats.png
First, that should be in an editable format, preferably SVG. Then: It's halfway between the general threats / vectors as I described in the text and specific threats. So either it should be one or the other. ;-)
To give you an idea I am attaching an SVG I used for a talk a while back which can be used as a starting point
PS + OT: Seems for security reasons I needed to gzip the SVG.
Thanks a lot! I'll get started sometime.