你的基础镜像有多安全?对热门开源容器进行实时安全测试.pdf

编号:982092 PDF 18页 1.48MB 下载积分:VIP专享
下载报告请您先登录!

1、#SECTORCA BlackHatEventsHow Secure Is Your Base Image?A security test of popular OSS containersJohn Amaral CTO and Co-Founder,Root.IO#SECTORCA BlackHatEventsJohn AmaralFounder,CTO at root#SECTORCA BlackHatEventsWhy this matters now?Attacker TimelineHoursExploit timelines compressed to hours.Zero-day

2、 to weaponization is rapid.Faster than most organizations can detect or react.Defender TimelineWeeksProcess-driven timelines.Fixes need testing,staging,approval.Involves multi-org coordinationKEV Git(CVE-2025-48384)serves as our example of this timing mismatch,highlighting why it drives compliance d

3、eadlines for security teams.#SECTORCA BlackHatEventsPopular SecureConvenience over Security:Popular base images are chosen for ease of use,not security.Daily CVE Accumulation:Widespread trust creates blind spots as vulnerabilities emerge constantly.Insights:See whats inside and how to secure these c

4、ontainers today.Observed in Enterprise:Tools to find these images prevalent in production environments.#SECTORCA BlackHatEventsThe Three Subjectsgolang:1.24-bookwormPrimary Issue:CISA KEV Git vulnerability in runtimeSecondary Issues:Massive linux-libc-dev vulns(no fix)Dev toolchains shipped to produ

5、ctionArchitecture Flaw:Builder image used as runtime containerpython:3.10-bookwormPrimary Issue:linux-libc-dev/glibc critical findings(no fix)Secondary Issues:Dev headers&build tools in final imageArchitecture Flaw:Single-stage build:dev&runtime mixedmcp-gateway:v2Primary Issue:Go stdlib CVE(require

6、s 1.24.6+for fix)Secondary Issues:Root userDIND patternsAttack toolsUnpinned installationsArchitecture Flaw:Dangerous permissions+powerful toolingAll three images are real-world CI and application images teams are commonly running in production environments today.#SECTORCA BlackHatEventsScan:golang:

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(你的基础镜像有多安全?对热门开源容器进行实时安全测试.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠