What Is Containerization, and What Does Penetration Testing Have to Do With It?

David Landsberger

It’s Friday night, and you’ve just finished dinner. You ordered in because it was a long week. So, you take the leftovers you plan on stretching into lunch tomorrow, put them in something like Tupperware or Pyrex, and put them in the fridge.

Without getting existential, you did this for a few reasons:

  • You want to eat that food again.
  • You want the food to be stored safely.
  • You want to quickly transfer the food to another environment when you consume it.

What is containerization?

The concept of containerization in cloud computing is similar to the food example. Containers are used to isolate and maintain an application. Everything that the application needs to run is placed inside that container. Once it’s contained, you can pick it up and move it around regardless of the host operating system.

Not only does portability go up, but deployment can now be accelerated, fewer human resources will be used, and you’ve created a segment in your cloud environment that should increase your security.

To continue the analogy, your food is ready to eat regardless of how you reheat it or plate it.

Containerization and cybersecurity

While containers should help increase your security profile, that doesn’t mean they don’t need extra attention. Cybersecurity isn’t just the garnish on the container; it’s an essential ingredient.

The challenge here lies in the fact that you’ve just decoupled the application from its host, and the host is usually where most of the security is concentrated. Firewalls, antivirus, and other software designed to detect malicious threats are typically designed for a host. Concentrating your cybersecurity efforts on the host makes sense in a virtual machine environment since the hypervisor sits on top of the host operating system and controls the resources of the apps layered on top.

So, what should your security posture be with your containers?

A good way to approach your new container is to think of it as an endpoint. Endpoints are always the starting point for malicious attacks. The same threat detection and response methodology you use to monitor endpoints should be applied to containers.

What is going on? What is going out?

Gaining visibility into the container is key. Currently, the most common container solution is Docker, and it can be paired with Kubernetes or other orchestration solutions to manage image repositories and improve visibility into the images being deployed. Moving to containers will require a different set of specific tools or time-intensive custom builds, and a commitment to monitoring your containers with new tools is essential. These monitoring tools should look at the individual containers and the container engine itself.

Penetration testing of containers

But before we even implement a container-specific security solution, we need to handle containers similarly to anything else on the network and run a thorough vulnerability scan. While a container is designed to be highly resilient and safe, that doesn’t mean a container will be 100% secure from a threat.

For example, while the container may not have a public-facing IP address, the application within may require APIs to function correctly. Those APIs can be a weak point that a vulnerability scan could identify. Scans need to be acted on, and remediation should take place.

In addition, continue your regular security patching practice—patches for anything in the container must be installed with discipline to avoid security leaks over time.

Penetration testing, or pen testing, should be another step once action has been taken from the results of the vulnerability scan. A solid pen tester will specifically ask about the presence of containers on the network and seek to understand how they communicate with one another in an attempt to find weak points. The resources that supply the containers and container daemons need to be thoroughly tested as well.
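As an added illustration of treating a container like an endpoint and of checking the daemon-facing resources a pen tester will ask about, the following Python (written for this page, not code from the article or from CompTIA) audits constructed `docker inspect`-style records. The field names are real Docker inspect fields; the two sample containers and the 30-day patch window are assumptions made for the example.

```python
"""Added example: treat docker-inspect records like an endpoint baseline check."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like trimmed `docker inspect` output (no real hosts).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web-api", "Created": "2024-01-05T10:00:00.000000000Z",
     "Config": {"Image": "example/web-api:1.4.2"},
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge", "CapAdd": None},
     "Mounts": []},
    {"Name": "/build-agent", "Created": "2023-06-01T08:30:00.000000000Z",
     "Config": {"Image": "example/agent:latest"},
     "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "host", "CapAdd": ["SYS_ADMIN"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]},
])

MAX_AGE_DAYS = 30  # assumed patch cadence for this example, not a Docker default

def parse_created(ts):
    """Docker emits nanosecond timestamps; datetime accepts at most microseconds."""
    head, _, frac = ts.rstrip("Z").partition(".")
    return datetime.fromisoformat(f"{head}.{frac[:6].ljust(6, '0')}").replace(tzinfo=timezone.utc)

def audit_container(rec, now):
    """Return findings for one container record; an empty list means clean."""
    hc, findings = rec.get("HostConfig", {}), []
    if hc.get("Privileged"):
        findings.append("privileged")                # near-host-root; isolation largely gone
    if hc.get("PidMode") == "host":
        findings.append("host-pid-namespace")        # sees and can signal host processes
    if hc.get("NetworkMode") == "host":
        findings.append("host-network")              # no network segmentation from host
    if hc.get("CapAdd"):
        findings.append("added-capabilities:" + ",".join(hc["CapAdd"]))
    if rec.get("Config", {}).get("Image", "").endswith(":latest"):
        findings.append("mutable-latest-tag")        # cannot tell which patch level is running
    if any(m.get("Source", "").endswith("docker.sock") for m in rec.get("Mounts", [])):
        findings.append("docker-socket-mounted")     # daemon control from inside the container
    if now - parse_created(rec["Created"]) > timedelta(days=MAX_AGE_DAYS):
        findings.append("running-longer-than-patch-window")
    return findings

def audit(inspect_json, now):
    """Map container name -> findings for a whole `docker inspect` JSON array."""
    return {r["Name"].lstrip("/"): audit_container(r, now) for r in json.loads(inspect_json)}

def demo():
    """Run the audit over the constructed sample at a fixed reference time."""
    return audit(SAMPLE_INSPECT, datetime(2024, 1, 20, tzinfo=timezone.utc))
```

On a live host the same `audit` function can be fed the output of `docker inspect $(docker ps -q)`; the findings are the items a container-aware monitoring tool or a pen tester would raise first.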

Following these practices, if a container is compromised, it would ideally be contained within the container environment. However, your forensic investigations may be limited as you attempt to remediate: many container best practices involve refreshing the application and/or relaunching it at intervals. This means the evidence you would want to inspect may already be gone even though you have identified a recurring threat. This all reinforces that containerization is still a relatively new framework: standards and best practices are evolving as each week passes.

Containerization benefits development teams and enables companies to move to edge computing models with speed, resiliency, and efficiency. However, expectations must be set by the executive suite that cybersecurity will be a paramount concern as the infrastructure moves to a container model.

CompTIA PenTest+ covers the skills needed for containerization. Download the exam objectives to see how the certification covers these skills.