Implementation -> Infrastructure Hardening: Limitation of system calls in virtual environments
Risk and Opportunity
Risk: System calls in virtual environments like docker can lead to privilege escalation.
Opportunity: System calls in virtual environments like docker are audited and limited.
Usefullness: Very High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium
Dependencies: Applications are running in virtualized environments
Implementation hints: seccomp, strace
OWASP SAMM 2 Mapping: o-environment-management|A|1
ISO27001:2017 Controls Mapping:
- system hardenong is not explicitly covered by ISO 27001 - too specific