Demystifying a Docker Image

in Cybersecurity, 4 years ago


Six months ago ForAllSecure started analyzing Docker images. What does this mean? Imagine we have a user who wants us to fuzz their application. How do they give it to us? Do they tar it up? Do they give us access to an environment where it’s running? Do we integrate into their build pipeline? Applications are an entire ecosystem — they require specific library versions, environment variables, users, etc. While it may seem like a small limitation conceptually, this added barrier can contribute to the friction between development and security teams, especially as organizations look to incorporate security as a part of their build cycles.

Protect Your Digital Assets - Consumer Guide To Digital Security

[Our thoughts]: Using containers can be helpful due to convenience and reduced costs. But they require more intense analysis because hackers can use shard attacks on containers which are harder to catch. Consider how a container is used compared to a full machine - this is why attackers don't need to concern themselves with some attacks against containers.

Read rest of the article.
