Container Security: Fundamental Technology Concepts That Protect Containerized Applications

To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions.

Author Liz Rice, Chief Open Source Officer at Isovalent, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started.

- Explore attack vectors that affect container deployments
- Dive into the Linux constructs that underpin containers
- Examine measures for hardening containers
- Understand how misconfigurations can compromise container isolation
- Learn best practices for building container images
- Identify container images that have known software vulnerabilities
- Leverage secure connections between containers
- Use security tooling to prevent attacks on your deployment

200 pages, ebook

Published April 6, 2020

97 people are currently reading
462 people want to read

About the author

Liz Rice

11 books, 18 followers

Ratings & Reviews

Community Reviews

- 5 stars: 115 (58%)
- 4 stars: 67 (34%)
- 3 stars: 12 (6%)
- 2 stars: 2 (1%)
- 1 star: 0 (0%)
Displaying 1 - 25 of 25 reviews
Sebastian Gebski
1,200 reviews, 1,375 followers
September 8, 2020
A must-read if you're into containers, Docker, Kubernetes or service meshes.

This book is not an introduction, but it's all about looking under the hood: how do the containers actually work, what does truly separate the running processes, what are the typical vector attacks for containers, what are the good and bad security practices (& I don't mean the obvious ones!). What's more, it's the only book on this particular topic I know - this strongly reduces the competition :)

The best chapters? Definitely 3 (cgroups) & 4 (container isolation on a system level). Very container-specific, very low level - yet absolutely crucial to have a full understanding of what a container truly is. Pure gold.

Strongly recommended.
Ali
417 reviews
March 21, 2025
Excellent explanation of container security, beginning from foundations and building up to practical application security, weaving it into threat models and the OWASP Top Ten. Great resource for anyone working with containers.
Andrew Fiorillo
21 reviews, 4 followers
February 20, 2022
Excellent book that delivers what it promises. Starts with the building blocks of containers and interactive examples to see exactly how the isolation is achieved; ends with a practical security checklist.
Francois D’Agostini
61 reviews, 12 followers
November 23, 2021
Really good book that is full of foundational knowledge on containers while still being rather short.
This is the kind of book that makes you understand core concepts that you have seen everywhere but which were never explained in detail.

Things like what the core constituents of containers are or how TLS is implemented in detail are very interesting.

I like when authors take a logical approach and explain their concepts starting from simple use cases and add concepts one after the other, explaining a complex system gradually. This fits my mental model.

The fact that the book is a short read is even more interesting as the amount of learning vs reading is high.
67 reviews, 4 followers
July 10, 2020
Excellent run through not just of security but containers in general. Rice has done the whole space a real service in compiling such a lucid, engaging and useful resource. This is all stuff, no fluff.
5 reviews, 1 follower
August 25, 2020
A must-have reference if you work with containers or if you want to dip your toes into container implementation. Extra literature will be required for concrete applications.
Damian Zydek
43 reviews, 4 followers
December 1, 2020
I am not a security expert. I read this book because I wanted to have a better understanding of the Docker security best practices:
- Run as a non-root user
- Limit capabilities
- Add --no-new-privileges flag
- Use Linux Security Module
- Limit resources
- Set filesystem and volumes to read-only
- and others...

I found in this book even more than I expected:
- Container Threat Model
- Attack vectors at each stage of a container’s life cycle
- Explanation of Control Groups
- Explanation of Container Isolation
- and more...

It is great that every chapter has a brief explanation of the terms that should be known to understand the described security vulnerability.

I can recommend it for those who want to take a deep dive into the best practices around container security. However, to be up to date on the latest best practices, you still have to look for other resources.
Aleksander Brzozowski
9 reviews, 1 follower
October 2, 2021
Great book for everybody who wants to know how containers work under the hood and what vulnerabilities may be encountered when using them.

To better understand "container security" you need to be aware of how containers work, and this book not only covers the basic knowledge of containers, but it also gives a pretty decent overview of possible container vulnerabilities and how to defend against them.

I had some knowledge before about how Docker containers work, but I didn't know the details. After reading the first few chapters I learnt how Linux operating system mechanisms - cgroups, namespaces and chroot - could be used to create containers. What is more, there are examples in this book that you can try to better understand those concepts.

Definitely worth reading!
Alb Bte
14 reviews, 23 followers
November 18, 2020
A truly solid introduction to containers in Linuxian terms: cgroups, namespaces and chroot. The part on security is wide and interesting but lacks the depth we can fantasise about when reading the book title. However the field is relatively new and newer attacks are arising every day: this book prepares the reader very well to adjust its behavior in the light of these attacks. The prevention part is quite clear and thorough. Overall a really good book and a must read for everyone working with containers (almost all programmers nowadays I guess).
Danish Prakash
105 reviews, 17 followers
February 11, 2023
Fun, interesting read on all-things container security. Starts off easy with an introduction to what a container really is, touching upon different virtualization techniques and then coming back to talking about the nuances concerning packaging and running applications within containers. It's a relatively new release and hence also mentions hot-topics such as rootless containers and container profiling via eBPF. I did wish for it to go a little deeper technically on some of the topics but still enjoyed it thoroughly.
Henry
88 reviews, 3 followers
December 8, 2020
This is the most well-written technical book I've read in a while. Dense with practical knowledge, great explanations, and many links for future learning.

The variety of topics covered is very wide. But I think it does an excellent job of going deep specifically on how it relates to containers/k8s without losing focus or taking up thousands of pages.

Will definitely be reading more of this author in the future. Also discovered her cool live demos.
Scott Haines
20 reviews, 3 followers
August 18, 2021
This book is an amazingly poignant guide to container security. I’d recommend this for anyone working on anything running on Docker or Kubernetes runtimes.

There are so many good “ahh crap I wish I’d known that” moments, but the part of the book that will stick with you is the build your own container content. Learn more than you will need to know about namespaces, cgroups, and how to fend off container escape attacks by removing the tools necessary for an attacker to hijack your system.
Kaviraj
12 reviews
November 28, 2020
Good insights on the building blocks of containers, what kinds of guarantees container isolation really offers, and the most interesting part was how it can be broken (if best practices were not followed) easily.

The book itself is not that deep (I can understand given its size), but contains lots of blogs and reference links for deeper understanding!
Rakesh Cherukuri
13 reviews, 1 follower
August 10, 2023
In the process of preparing myself for the CKS certification, I picked this up. It lives up to its title and gives good insights into security aspects with containers. Definitely not a targeted read for certification but gave a good overall view of the security needs that one needs to tend to while designing containerized apps.
kevin
108 reviews, 7 followers
November 3, 2024
Even though it is a thin book, it is filled with a lot of good information. Definitely gave me more insight on how containers are built from scratch and the kind of default permissions to watch out for. The only slight drawback is that the examples are based off Vagrant, which is not that popular these days.
Max Wolffe
237 reviews, 14 followers
July 21, 2021
I can't recommend this book enough to those using containers on a regular basis.

The good:
- Rice covers each topic from first principles. Her discussion of the underlying Linux technologies (cgroup, namespaces, inter-process communication, VMMs, etc) which protect containers is very approachable and includes examples one can run in their own VM.
- Concrete advice on best practices for securing containers (non-root containers, image scanning, non-privileged containers, etc).
- External references to talks / resources on topics which are beyond the scope of the book.
- Discussions about how these container security concepts apply to Kubernetes.

The bad:
- Nothing - pure gold.
1 review
March 22, 2022
Great Overview of Container Security

Liz did a great job explaining the basics for anyone new to containers, and a good refresh for those already using them. Would recommend for any security professional to read.
Mohammad-Ali A'râbi
9 reviews
August 11, 2023
The best technology book I have read in a long time. This book gives a good understanding of how containers work and how it makes them vulnerable. Some parts of the information were outdated, as the industry is moving way too fast and it's impossible for a book to keep up.
80 reviews, 1 follower
August 17, 2020
Decent high level overview of the area.
I used this book as an index/map to approach container security rather than for content. Found better technical content by reading manuals/wiki/code.
Steve Morman
17 reviews
December 26, 2020
Liz explains how containers are built from the ground up, using clear and familiar scenarios. Read it!
30 reviews
December 4, 2021
Great book. Delivers exactly what it promises.
Well structured so you can skip what you already know.
Succinct.
Nikolay Fofilov
4 reviews
January 4, 2023
A good book in which a professional describes methods by which one can achieve an acceptable level of security for a web application in a container.
Lyuben
3 reviews, 1 follower
April 29, 2023
Great book, as everything I've watched or read by Liz Rice.
18 reviews
November 28, 2020
Lots of blogs, few books on container security

There's always been the venerable Docker in Practice book, that goes in depth around the proper usage and understanding of Docker. But it doesn't touch on the OS building blocks that the book I'm here reviewing does with so much clarity. I find the approach of building our own container, without any frontend other than the shell and a few key Unix executables, very original and a great didactic aid. It really helped make concepts much clearer and concrete.

A bit too cursory on some areas, but nevertheless a nice read.