AN APPROACH OF EXPLOITING DOCKER CONTAINER SECURITY

Docker is an open-source platform that can be used for shipping, developing, and running the applications for quick delivery and easy management of the application. Docker improves the performance and efficiency as it uses a single kernel. By pulling the image from the Docker repository, the user can create multiple instances of the same image in the local machine. Hence, Docker containers have become very popular nowadays with its ease of use. However, the Docker containers are also prone to several security attacks due to the absence of hypervisor. This paper focuses on the process of running the application by creating the container. As the Docker, containers are prone to security attacks the paper also focuses on the security misconfiguration present in the Docker containers by considering an example of an elastic search container. The process of exploiting the elastic search container is also presented in this paper. The security vulnerabilities in the Docker occurs because of the configuration or the usage of insecure versions of the packages in the Docker images. Hence, the developer needs to be aware of the packages and need to use the non-vulnerable packages to build a secure image.