[OWASP-Bangalore] Docker Application Pen Testing

Timo Goosen timo.goosen at owasp.org
Thu Jul 30 08:53:49 UTC 2015


Look for misconfigurations.

Docker is just what is used to put the code in. Any persistent storage will
be in a docker volume on the actual host.
Also docker is not a vm, its a container.

Some people think docker adds to security. Thats not true.

Regards.
Timo

On Thu, Jul 30, 2015 at 7:24 AM, N. V. R. K. RAJU <nvrkraju4 at gmail.com>
wrote:

>
> Hi All,
>
> I am trying to learn security/pen testing applications deployed in Docker.
>
> How will a pen test of application deployed in Docker differ from regular
> web app/ cloud app?
>
> What are all the tools available to test Docker deployed app?
>
> Should we testing or how should we be testing the application VM for any
> known vulnerabilities?
>
> Please share your experience working with Docker application security.
>
>
> --
> Regards,
> Raju
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> Twitter : @owaspbangalore
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20150730/1a7d490e/attachment.html>


More information about the OWASP-Bangalore mailing list