Module 07: Security & Optimization
Containers are not secure by default. They share the host kernel, so a compromised container is one kernel bug or one loose configuration away from the host, and from there from the rest of your infrastructure.
In this module, we move beyond “it works” to “it is secure”. We will deconstruct the layers of container isolation (namespaces, cgroups, capabilities, syscall filters), map the attack surface each layer leaves open, and stack defense-in-depth controls so that the failure of any single one does not hand an attacker the host.
What You Will Learn
- Rootless Docker: Run the Docker daemon and its containers without root privileges, using user namespaces so that root inside a container maps to an unprivileged UID on the host.
- Seccomp & AppArmor: Restrict what a container can ask the kernel for. Seccomp filters the system calls a container may make; AppArmor confines its file and capability access.
- Image Scanning: Detect known vulnerabilities (CVEs) in image layers and block affected images in CI, before they reach production.
- Distroless Images: Minimize the attack surface by shipping only the application and its runtime dependencies, with no OS shell or package manager for an attacker to use after landing in the container.
- Resource Limits: Cap CPU, memory and process counts with cgroups so that one container cannot exhaust the host (resource-exhaustion Denial of Service).
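As an added example (not part of the course material or of Docker itself), here is the Seccomp item in practice: a Python script that emits a Docker-compatible deny-by-default profile and checks that no escape-relevant syscall has slipped into the allowlist. The JSON layout (`defaultAction`, `architectures`, `syscalls[{names, action}]`) is Docker's profile schema; the baseline syscall list is illustrative only, and the `FORBIDDEN_SYSCALLS` set, the output filename and the `docker run` flags are assumptions to adapt to your workload.

```python
"""Build and sanity-check a Docker seccomp allowlist profile.

Added example, not course or Docker code. The profile schema matches what
`docker run --security-opt seccomp=<file>` consumes; the syscall lists are
illustrative. Derive a real allowlist from strace/auditd traces of the service.
"""
import json

# Syscalls a typical statically-linked network service needs. Constructed for
# the example: trim or extend it from traces of your own workload.
BASELINE_SYSCALLS = [
    "read", "write", "openat", "close", "fstat", "newfstatat", "statx", "lseek",
    "mmap", "mprotect", "munmap", "brk", "madvise", "rt_sigaction",
    "rt_sigprocmask", "rt_sigreturn", "ioctl", "pread64", "pwrite64", "readv",
    "writev", "access", "pipe2", "dup", "dup3", "fcntl", "getcwd", "mkdirat",
    "unlinkat", "readlinkat", "sched_yield", "nanosleep", "clock_nanosleep",
    "clock_gettime", "getpid", "gettid", "getuid", "getgid", "geteuid",
    "getegid", "futex", "socket", "connect", "accept4", "bind", "listen",
    "sendto", "recvfrom", "sendmsg", "recvmsg", "shutdown", "getsockname",
    "getpeername", "setsockopt", "getsockopt", "epoll_create1", "epoll_ctl",
    "epoll_pwait", "clone", "clone3", "execve", "wait4", "exit", "exit_group",
    "uname", "getrandom", "set_tid_address", "set_robust_list", "prlimit64",
    "rseq",
]

# Syscalls that should never appear in an application profile: each is a
# well-known container-escape or privilege-escalation primitive.
FORBIDDEN_SYSCALLS = {
    "ptrace", "mount", "umount2", "pivot_root", "chroot", "unshare", "setns",
    "keyctl", "add_key", "request_key", "bpf", "kexec_load", "kexec_file_load",
    "init_module", "finit_module", "delete_module", "reboot", "swapon",
    "swapoff", "process_vm_readv", "process_vm_writev", "userfaultfd",
    "open_by_handle_at", "perf_event_open", "acct", "settimeofday",
}

DEFAULT_ARCHES = ("SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32")


def build_profile(allowed, architectures=DEFAULT_ARCHES):
    """Return a Docker seccomp profile: deny by default, allow only `allowed`."""
    return {
        # Blocked calls fail with EPERM, so a missing syscall surfaces in the
        # application's own error handling instead of a silent SIGSYS kill.
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": list(architectures),
        "syscalls": [{"names": sorted(set(allowed)), "action": "SCMP_ACT_ALLOW"}],
    }


def profile_violations(profile):
    """Return the forbidden syscalls this profile would let through (empty == ok).

    Handles both shapes: an allowlist (default deny) and a denylist (default
    allow), where anything not explicitly denied is reachable.
    """
    rules = profile.get("syscalls", [])
    if profile.get("defaultAction") == "SCMP_ACT_ALLOW":
        denied = set()
        for rule in rules:
            if rule.get("action") != "SCMP_ACT_ALLOW":
                denied.update(rule.get("names", []))
        return sorted(FORBIDDEN_SYSCALLS - denied)
    allowed = set()
    for rule in rules:
        if rule.get("action") == "SCMP_ACT_ALLOW":
            allowed.update(rule.get("names", []))
    return sorted(FORBIDDEN_SYSCALLS & allowed)


def to_json(profile):
    """Serialize the profile in the form Docker reads from --security-opt."""
    return json.dumps(profile, indent=2)


if __name__ == "__main__":
    profile = build_profile(BASELINE_SYSCALLS)
    bad = profile_violations(profile)
    if bad:
        raise SystemExit(f"refusing to write profile, forbidden syscalls allowed: {bad}")
    with open("seccomp-app.json", "w") as f:  # output filename is an assumption
        f.write(to_json(profile))
    print("wrote seccomp-app.json; run with:")
    print("  docker run --security-opt seccomp=seccomp-app.json --cap-drop=ALL IMAGE")
```

Docker's stock profile is also deny-by-default with a long allowlist; the point of a per-service profile is to shrink that list to what the workload is observed to use. Keep `SCMP_ACT_ERRNO` while tuning so a missing syscall shows up as EPERM in the application's logs, then consider `SCMP_ACT_KILL_PROCESS` once the profile is stable if you want fail-closed behaviour.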
Module Chapters
Chapter 01
Rootless Docker & User Namespaces
Chapter 02
Seccomp & AppArmor: Kernel Hardening
Chapter 03
Image Scanning & CVE Management
Chapter 04
Distroless Images: Minimal Attack Surface
Chapter 05
Resource Limits & DoS Prevention
Chapter 06
Module Review: Security Optimization