Yaksas CSC

Your Guardian in the Cyber World

  • Yaksas CSC Home
  • Home
  • About Us
    • Overview
    • Why Yakṣas?
  • Got a Question?
    • Cyber Security Basics
    • Cyber Security Education & Career
    • How to stay safe?
  • Get Invloved
    • Write for Us
    • YCSC QnA Dialogue
    • Translate Articles
  • Contact Yakṣas
  • Press Release
    • NCSAM 2015 Champion
    • STOP. THINK. CONNECT. Partner
Book Review: Container Security by Liz Rice

Uday Mittal February 10, 2021

Book Review: Container Security by Liz Rice

I recently came across this book, Container Security by Liz Rice, while searching for material to read on how to secure containerized applications. This was the only book I could find on the topic, so I picked it up without thinking further. It was published in April 2020.

Content overview

The book’s tagline, “Fundamental Technology Concepts that Protect Containerized Applications”, provides an apt description of the content. It starts with basic concepts which are necessary to understand before we set out to secure containers. Even though the book is divided into 14 chapters, they can be rolled up into following three broad categories:

  • How containers work or, more aptly, what makes containers possible? – Chapters 2-5. In these chapters the author provides a brief introduction to various Linux components, such as Namespaces, Control Groups, Sys calls, Permissions, Capabilities etc. that work together to enable the technology we know as Containers. After all, a container is still a Linux process running on the host machine. This part ends by giving a bird’s eye view of virtual machines and how containers are different from VMs.
  • Securing various aspects of containers – Chapters 6-13. In each of these chapters the author describes a facet of containers and also provides recommendations on securing it. For example, in chapter 6 she describes how container images are built and also provides security best practices to protect container images. This part also covers concepts like rootless containers, Kata containers, Unikernels etc.
  • Container security threats, recommendations and checklist – Chapter 1, 14 and security checklist. In the first chapter the author covers various threats associated with containers and provides mitigations to address them. The author has also provided a container threat model in this chapter. In chapter 14, the author maps various vulnerabilities associated with containers to OWASP Top 10. Finally, at the end of the book the author has also provided a security checklist based on her recommendations throughout the book.

Salient features

Here are a few things I liked about this book:

  • Good coverage of container threats and security best practices.
  • It builds the foundation by describing how containers work on the ground. This understanding is fundamental for learning how to secure containers.
  • The author had provided a lot of useful commands for enumerating containers (they are spread throughout the book and not covered specifically under this heading).
  • The author has also provided various tools that can be used to secure containers.
  • It is written in an easy to understand manner despite being technical in nature.
  • Security checklist at the end of the book.
  • At 180 pages, it’s short and concise. Packed with a lot of useful information.
  • This book is good for developers working on containerized applications, cloud security professionals, security managers and red teamers.

Not so salient features

Here are a few things I did not like about this book:

  • None.

My rating: 5.0 / 5.0

Related Posts

  • Book Review: Red Team Development and Operations by Joe Vest and James TubbervilleBook Review: Red Team Development and Operations by Joe Vest and James Tubberville
  • Book Review: Web Application Security by Andrew HoffmanBook Review: Web Application Security by Andrew Hoffman
mm
Uday Mittal

Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: Book Reviews Tagged With: container security, Cybersecurity books

Optin Form

Search

Follow us on Twitter

My Tweets

Categories

Tags

Active directory Active directory lab adsecurity adsi adsisearcher Android attack active directory awareness blue whale challenge Certification CISSP crte crtp cyber-warfare Cyber Security Cybersecurity books Cybersecurity Cannon domain enumeration Edward Snowden ellitedevs forest enumeration hacker Information Security ISACA Kali Linux lab environment Mass Surveillance Mobile Security Narendra Modi NSA offensive security Online Safety Password Penetration Testing pentest powersploit Powerview privacy red team red teaming Risk Management Social Media user enumeration Wifi Windows

Top Posts

  • ADSISearcher (Part 2)
    ADSISearcher (Part 2)
  • Red Team Operations Attack Lifecycle
    Red Team Operations Attack Lifecycle
  • Mona.py for exploit devs: 6 must know commands
    Mona.py for exploit devs: 6 must know commands
  • Web App Pentesting using BodgeIt Store (Part 1)
    Web App Pentesting using BodgeIt Store (Part 1)
  • DCPP: Everything You Need to Know
    DCPP: Everything You Need to Know
  • YCSC QnA with Keith Pradeep Fernandez
    YCSC QnA with Keith Pradeep Fernandez

© Copyright 2020 ElliteDevs · All Rights Reserved · Powered by WordPress