[Owasp-germany] Stammtisch in Hamburg on March 27: OWASP Docker Top 10 -- in English

Dirk Wetter dirk at owasp.org
Fri Mar 15 11:48:55 UTC 2019

Hello Hamburg and surrounding area,

as a small experiment, scientific or not, we are holding the
next talk in Hamburg in English -- at the request of some
IT people who do not primarily speak German.

This is not meant to deter any speakers who want to present in
German. On the contrary: the year is still young, and anyone with a
relevant talk topic can^Wshould feel free to contact me.

Title: "OWASP Docker/Container Top 10"
Speaker: Dirk Wetter
Location: XING. 8th floor, Dammtorstraße 30
Start: 6:30 pm
Place for networking afterwards: TBD

Docker and containerization in general offer several advantages for developers: They fit better in
software development processes. They enable fast, reproducible deployments and, e.g. when properly
done, with one change the same container could run either in a test or production environment.
Also, sysadmins are not stopping developers' zest for action.

As far as security is concerned, Docker itself provides several security advantages. However,
containerization technology is not as straightforward if you run more than one container.
It becomes more complex to handle as the attack surface becomes bigger. A typical mistake is that
the developers get blinded by the easiness and neglect to see beyond their container, or security
features are just not being used.

In addition, marketing sometimes gives you the feeling that without containerization your IT
stinks, and downplays risk.

So, now what?

To avoid security pitfalls and have a solid security baseline, a proper fundamental approach is needed.

This is the point where the Docker OWASP Top 10 (WIP) chimes in. By using a threat model approach,
first the attack surface will be defined and based on that, 10 bullet points as controls will be
presented. They start from important Do's and Don'ts to advanced controls which can be used to
tighten security further.

OWASP Stammtisch in General
Our meeting is about web applications and their (in)security and/or about information security in general.
People come together who care as a hobby or in their job about security: developers, managers, pentesters
and everybody else who's interested. The atmosphere is open and relaxed. Who's coming to sell products or
services: Move on, this is not the right place. OWASP is about education and sharing (mostly) technical information.
Feel free to forward our meetup information to your colleagues or friends. They are welcome, too.
Participation is free and open -- as the O in OWASP.

Please drop me a line if you want to come, as space is limited, OR just check the RSVP box at Meetup.

Cheers, Dirk
