I will start with a structure of the D sections which will basically provide the core for a) planning a secure container environment, for b) security controls and for c) auditing. It'll be basically addressing the threats mentioned in https://github.com/OWASP/Docker-Security/blob/master/001_Threats.md .
This document is not supposed to have a single page per D section like the OWASP Top 10 but still I was thinking on borrowing a few headlines from the boxes (no boxes either) like
~How Do I Prevent?,
~Am I Vulnerable --> need to use a different term like How can I detect?,
~Example Attack Scenarios --> probably needs to be related to the aforementioned threats
References
and before an introductory paragraph telling what each point is about. Each of those sections will have a text paragraph or examples, and as said no boxes. I am not in favor of a single page as I am afraid there's too much content.
drwetter
commented
5 years ago
I will start with a structure of the D sections which will basically provide the core for a) planning a secure container environment, for b) security controls and for c) auditing. It'll be basically addressing the threats mentioned in https://github.com/OWASP/Docker-Security/blob/master/001_Threats.md .
This document is not supposed to have a single page per D section like the OWASP Top 10 but still I was thinking on borrowing a few headlines from the boxes (no boxes either) like
How Do I Prevent?,Am I Vulnerable--> need to use a different term likeHow can I detect?,Example Attack Scenarios--> probably needs to be related to the aforementioned threatsReferencesand before an introductory paragraph telling what each point is about. Each of those sections will have a text paragraph or examples, and as said no boxes. I am not in favor of a single page as I am afraid there's too much content.
Any thoughts on this?