Finding leaked credentials in Docker images - How to secure your Docker images

preview_player
Показать описание
Docker can be a blind spot for security, in this video we look at leaked credentials inside docker images. We evaluate how leaked secrets like API keys and certificats are leaked into docker images, how we can detect them and how we can protect our own images.

Resources:

Intro: 0:00
What are secrets: 0:49
What is docker: 2:10
Inside docker images: 3:24
Examples of leaked secrets: 5:19
How secrets leak in docker images: 7:08
Docker security research: 10:00
Scanning Docker for secrets: 11:40
Wrap-up: 16:41
  1. GitGuardian
  2. docker
  3. docker security
  4. devsecops
  5. dockerscanning
  6. gitguardian
Рекомендации по теме
Finding leaked credentials 0:16:58

Finding leaked credentials in Docker images - How to secure your Docker images

How to create 0:02:10

How to create and use a Docker secret from a file

Detect Secrets In 0:01:34

Detect Secrets In Docker Images With ggshield - The GitGuardian CLI

Managing Docker registry 0:02:08

Managing Docker registry credentials in production!

Researchers found 46,076 0:00:59

Researchers found 46,076 Docker containers leaking sensitive data

Docker using native 0:00:36

Docker using native OS credentials store

[Webinar] Hunting for 0:47:02

[Webinar] Hunting for Secrets in Docker Hub: what we have found and how you can prevent it.

docker: secrets at 0:08:22

docker: secrets at build time! (intermediate) anthony explains #544

Docker Secrets Management 0:11:07

Docker Secrets Management [German]

Quickly check the 0:04:36

Quickly check the Dark Web for your leaked credentials… without ACTUALLY checking the Dark Web

NEVER buy from 0:00:46

NEVER buy from the Dark Web.. #shorts

Gaining initial access 0:32:49

Gaining initial access by exploiting leaked credentials - DevConf.CZ 2023

Profil3r - OSINT 0:05:08

Profil3r - OSINT tool that allows you to find a person's accounts and breached emails | Kali Li...

the docker registry 0:17:04

the docker registry api (advanced) anthony explains #476

Secret Management with 0:15:14

Secret Management with Ansible Vault and docker-compose

How to avoid 0:21:46

How to avoid add secrets on a Docker (Dockerfile)

how do you 0:02:28

how do you manage secret values with docker-compose v3.1?

Docker Secrets - 0:15:42

Docker Secrets - Postgresql Service with docker secrets

How to secure 0:05:52

How to secure your Docker containers! (5 practical tips with example Dockerfiles! 🐳)

ARG and ENV 0:00:59

ARG and ENV in your Dockerfile

BlackAlps 2022: Exploiting 0:42:44

BlackAlps 2022: Exploiting Secrets - How Leaked Credentials Can Be Exploited by Mackenzie Jackson

How to Securely 0:17:39

How to Securely Manage Secrets in Containers

How to know 0:10:19

How to know if your PC is hacked? Suspicious Network Activity 101

DevOps Tutorial : 0:12:17

DevOps Tutorial : Docker Secrets

Комментарии
Автор

this video should be 100K, one more sub here +1, quality + voice + resolution, sound . clean, what more we need .
thanks a lot, totally new usful info which helps a lot in real life scenario . please video on using Buildkit for build images, regards

RABWA
Автор

thank you for talking about this this has given me more to thick about when building my projects

virtualizeeverything
Автор

Super helpful, thank you! (I'm the 800th subscriber! 😛This channel deserve much more love and views!)

calfolkionized
Автор

What if I named my password-containing environment variable `CORNFLAKES_FOR_YOU` and the value was not a hash of any kind? Is your little tool going to know that it shouldn't be there?

waytospergtherebro
Автор

Interestingly GGShield doesn't detect my Flask .env credentials even when I don't even remove the file. IDK what's the reason here.

ronny