Everyone agrees that security is important, but in reality it’s often a tickybox at the end. And by the time someone is thinking about security, many individual decisions have been made along the way that make security much more difficult than it has to be.
Let’s look at the basics: all applications have vulnerabilities (known or not), so we want to sandbox them to limit the attack surface. Why doesn’t this happen in all cases? Sometimes tools aren’t user-friendly, requiring a lower-level knowledge of syscalls. To democratize application security, we can integrate seccomp filters into programming languages at build time. (We’ll look at a proof of concept in Golang!)
In practice, we don’t always have tools like seccomp and the Chrome sandbox at our disposal. We’ll finish up with a practical look at the landscape of defensive security in our cloudy containerized world. What can you do with your language stacks in your organizations? How do containers help secure applications? What constraints are containers tied to for the amount of security they provide? What tools are available today for making application sandboxing simpler? You’ll leave empowered to make better decisions around application security.
Jess Frazelle is a Software Engineer at Google. She was previously a Software Engineer at Docker. Jess Frazelle has served as a Maintainer of Docker, Contributor to Runc and Golang as well as other projects. Jess Frazelle is working on making containers more secure. She loves all things involving Linux namespaces and cgroups and is typecasted as the person who runs everything in containers.