
DevOps Security — Protect Your Application From Being Owned

Summary

In addition to outlining strategies for properly configuring unattended security updates, this talk briefly covers how to maintain the security of Docker container environments, where those strategies generally do not apply. In such environments, an entirely different approach and workflow is usually required.

Description

Heartbleed, Shellshock, POODLE, GHOST… With severe security vulnerabilities on the rise, how can developers protect the systems used to deploy their applications? Unattended package upgrades can help, but only if they are properly set up and monitored. Some of the challenges include:

  • many popular virtual private server (VPS) providers do not install or enable automatic security updates in their OS images
  • “unattended-upgrades” on Debian-based systems installs automatic security updates but does not actually enable them, potentially putting unsuspecting users at risk
  • some security updates (e.g., kernel-level) require a server reboot to take effect, and yet users often don’t realize this until the next time they log in, resulting in a system that is vulnerable in the interim
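The second and third challenges above can be checked mechanically. The following audit script is an added example, not from the talk: it reads the apt.conf-style periodic settings that "unattended-upgrades" relies on (assumed to live in /etc/apt/apt.conf.d/20auto-upgrades on a real host) and looks for the /var/run/reboot-required flag file that Debian/Ubuntu update scripts create; the sample config files it writes are constructed so it runs offline.

```shell
#!/bin/sh
# Added example (not the talk's code): audit whether unattended security
# upgrades are actually enabled and whether a pending reboot leaves the
# host vulnerable in the interim.

# Print the value of an APT::Periodic::* key from an apt.conf-style file,
# e.g. a line  APT::Periodic::Unattended-Upgrade "1";  -> prints 1.
# Prints "unset" when the file or key is missing.
apt_periodic_value() {
  file="$1"; key="$2"
  [ -r "$file" ] || { echo unset; return; }
  val=$(sed -n "s/^[[:space:]]*$key[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$file" | tail -n 1)
  if [ -z "$val" ]; then echo unset; else echo "$val"; fi
}

# Success (0) only if package lists are refreshed AND upgrades are applied;
# the package being installed does not by itself mean either is on.
unattended_enabled() {
  [ "$(apt_periodic_value "$1" 'APT::Periodic::Update-Package-Lists')" = 1 ] &&
  [ "$(apt_periodic_value "$1" 'APT::Periodic::Unattended-Upgrade')" = 1 ]
}

# Success (0) if the reboot flag file exists (default path is the real one).
reboot_pending() {
  [ -e "${1:-/var/run/reboot-required}" ]
}

# Print a verdict for one config file and one reboot-flag path.
audit() {
  if unattended_enabled "$1"; then echo "unattended security upgrades: enabled"
  else echo "unattended security upgrades: NOT enabled (fix: sudo dpkg-reconfigure -plow unattended-upgrades)"; fi
  if reboot_pending "$2"; then echo "reboot pending: YES, installed updates are not yet in effect"
  else echo "reboot pending: no"; fi
}

# Constructed sample inputs so the script runs offline; on a real host pass
# /etc/apt/apt.conf.d/20auto-upgrades and /var/run/reboot-required instead.
SAMPLE_DIR=$(mktemp -d)
printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "0";\n' > "$SAMPLE_DIR/installed-but-off"
printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "1";\n' > "$SAMPLE_DIR/enabled"
: > "$SAMPLE_DIR/reboot-required"

audit "$SAMPLE_DIR/installed-but-off" "$SAMPLE_DIR/reboot-required"
```

Run it from a monitoring cron job or configuration-management check so the "NOT enabled" and "reboot pending" verdicts are surfaced without waiting for someone to log in.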
