960-9c8a-55e5-8f28-d53f68b246d5">
Table of Contents
1 Cover
3 Introduction Meeting the Challenge A Few Conventions Companion Download Files How to Contact the Publisher
4 Part I: Container and Orchestrator Security CHAPTER 1: What Is A Container? Common Misconceptions Container Components Kernel Capabilities Other Containers Summary CHAPTER 2: Rootless Runtimes Docker Rootless Mode Running Rootless Podman Summary CHAPTER 3: Container Runtime Protection Running Falco Configuring Rules Summary CHAPTER 4: Forensic Logging Things to Consider Salient Files Breaking the Rules Key Commands The Rules Parsing Rules Monitoring Ordering and Performance Summary CHAPTER 5: Kubernetes Vulnerabilities Mini Kubernetes Options for Using kube-hunter Container Deployment Inside Cluster Tests Minikube vs. kube-hunter Getting a List of Tests Summary CHAPTER 6: Container Image CVEs Understanding CVEs Trivy Exploring Anchore Clair Summary
5 Part II: DevSecOps Tooling CHAPTER 7: Baseline Scanning (or, Zap Your Apps) Where to Find ZAP Baseline Scanning Scanning Nmap's Host Adding Regular Expressions Summary CHAPTER 8: Codifying Security Security Tooling Installation Simple Tests Example Attack Files Summary CHAPTER 9: Kubernetes Compliance Mini Kubernetes Using kube-bench Troubleshooting Automation Summary CHAPTER 10: Securing Your Git Repositories Things to Consider Installing and Running Gitleaks Installing and Running GitRob Summary CHAPTER 11: Automated Host Security Machine Images Idempotency Secure Shell Example Kernel Changes Summary CHAPTER 12: Server Scanning With Nikto Things to Consider Installation Scanning a Second Host