[OWASP-Bangalore] Docker Application Pen Testing

Timo Goosen timo.goosen at owasp.org
Thu Jul 30 08:53:49 UTC 2015

Look for misconfigurations.

Docker is just what is used to put the code in. Any persistent storage will
be in a docker volume on the actual host.
Also docker is not a vm, its a container.

Some people think docker adds to security. Thats not true.


On Thu, Jul 30, 2015 at 7:24 AM, N. V. R. K. RAJU <nvrkraju4 at gmail.com>

> Hi All,
> I am trying to learn security/pen testing applications deployed in Docker.
> How will a pen test of application deployed in Docker differ from regular
> web app/ cloud app?
> What are all the tools available to test Docker deployed app?
> Should we testing or how should we be testing the application VM for any
> known vulnerabilities?
> Please share your experience working with Docker application security.
> --
> Regards,
> Raju
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> Twitter : @owaspbangalore
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20150730/1a7d490e/attachment.html>

More information about the OWASP-Bangalore mailing list