Container Security: Fundamental Technology Concepts that Protect Containerized Applications

Don't hesitate to purchase this book if you want to quickly learn how to secure container containers. Liz does a great job of explaining relevant security concepts well without belaboring them and she provides enough detail at sufficient depth to provide you with a level of understanding that you may not get from the material you curate yourself. In a nutshell, she arms you with the information you need to have well informed, risk-based discussions with your platform and software engineers about how to optimally secure containerized services. The book is and will remain relevant for quite some time.

The book is well written, with clear examples. Great information on security fundamentals for containers.

Bad paper quality, haven't read the book yet.

Don't want to leave an exaggerated review, but any developer knows how difficult it is to find books that bridge the divide between high-level promotional 'documentation' and underlying implementation. This is the best book I've read on the internal implementation of containers: cgroups, namespaces, and the other underlying linux constructs of containers. All of which is highly accessible. Also it is difficult to find security books that involve implementation, not just policies and management. This is a rugged, hands on intro to containers, and a very practical security book. Dear author: more please! Looking forward to version 2!

Liz's philosophy is that in order to secure you must first understand. This is great, as she dives in early (with great examples) into what exactly containers are for the first third of the book. After that she goes into the concepts and prescriptions for securing your containers, building upon the initial fundamental knowledge. I don't think I've ever found such a conglomeration of such knowledge in one single book. If you want to secure (and know why or how) Docker and/or Kubernetes, this book is a must!

In reading this, you will learn about container security. But you'll also learn about what makes a container a container. I highly recommend this book if you're interested in answering the question "what is a container, *really*?"

The authors "Containers from Scratch" conference presentations in 2018 really helped me understand the technology of containers and the operating system components they comprise. This book continues the approach with deep explanations but accompanied with working examples that are relatively easily to follow on along with. A learning style I find works very well for me.

Liz did a great job explaining the basics for anyone new to containers, and a good refresh for those already using them. Would recommend for any security professional to read.

As melhores parte são as explicações sobre os Namespaces para Container Isolation e Container Network Security, já li ele 2 vezes e pretendo ser alguns capítulos novamente... Parabéns há todos os envolvidos nesta bela obra.

Good book

Summary: Overall I found the book informative and well structured. It helped me clear some concepts around containers, their interaction with the operating system and their security.This book is a broad inspection of many technologies that can help you secure your containers throughout their lifecycle. Although the author does not go into many details for each and every technology covered, she puts emphasis on the ones that are important (e.g. she explains the linux kernel namespaces, cgroups and capabilities which are essential to understand how containers work).Also, a big plus for me is that the book has the proper page count: it's not too brief (you get a lot of info) and not too lengthy (so that you lose yourself in non-essential text).I recommend the book to everyone that is already working with containers; for the people that are not already familiar with them, it may seem a bit advanced (this is also stated in the "Who this book is for" section of the book).

I read this book with understanding of infosec, and a bit about Kubernetes. There's a lot written about these two topics independently. While other researchers (like Ian Coldwater) have done great work, nothing is published as a book.The book does well in introducing pretty basic concepts and I think you can start with this book if you have very little knowledge about container security.The parts about how to apply basic Linux security measures (like capabilities) to containers is something particularly good.The security checklist in the Appendix is a great summary of the book. It outlines key security things to look for when hardening your system. It makes back references to other chapters in the book (and external resources) so it's really easy to follow. It's impossible to create a complete list but this does pretty well.There's no BS in this book, and there is no spin. The author is quite clear on the limitations of this technology and the need for built-in features. Running containers as root is crazy, and Rice does not downplay this.I have two wishes:- that there's a better description of exploits that go along with the checklist. This can help pen testers significantly- updates as security research (and container security) developsThere are very few resources online that summarize this topics so well.

I've followed Liz on twitter for a number of years as part of trying to keep on top of security and best practices, so when I saw this come out I added it to my wish list. At work we are starting to make use of EKS so now felt like a good time to get up to speed on security before we get too far down a road we can't get out of !Lots of topics in here, all well explained with examples, some threats I already knew about, but a number of vectors that I had not considered before, including diving deep into how containers actually run on a cluster.Anyone working with containers ought to buy and read this.