Last week I skipped Security Sprint, oops! But today I’m bringing you another DevSecOps content. In this case we are learning about Seccomp and how to apply it for secure containers. Secure computing mode (seccomp) is a Linux kernel feature, as explained in the Docker documentation.

You can use this feature to restrict your application’s access, and making its security stronger. They’re defined in a JSON file that is applied when a container starts. This is only available if Docker has been built with seccomp and the kernel is configured with CONFIG_SECCOMP enabled. To check if our...


Hello guys, how are you doing? I’ve had in my mind a topic for a while now and I’d love to share and hear from you about it. It’s not quite technical but it’s important in any techie job, I think.

Not long ago, DEV went open source and it was pretty exciting for the ones who were following the development of the site. Some of us are very used to creating free and open content and happily joins Linux discussions, events and such. But, what’s the point on this, why are we in this train? I’d like to...


Hello again! and welcome to the weekly Security Sprint :p

Today I’m going to introduce a very exciting thing. But before, let’s go back in time for a moment. We are in the late 80’s, internet is very exciting, everyone want to have a webpage… Communication has changed, and we are going into a new lifestyle, in which we can be anonymous, there are no walls between users and knowledge is open. But… uh-oh, some countries are not very happy with this statements… Internet begins to have such importance, it shapes society. If you where an ambitious company or country,...


De nuevo nos reunimos para hablar de diversos temas de actualidad en el mundo los derechos digitales, la lucha por el software libre y nuestra cruzada a favor de la privacidad y seguridad en el mundo tecnológico. Como siempre, nos encantará tratar cualquier temática que se proponga, aunque de entrada sugerimos las siguientes:

  • La gran victoria que han logrado en Berlín contra Google, donde han conseguido mediante manifestaciones y acciones sociales que no siga adelante el proyecto de campus Google.

  • El intrínseco atentado contra la privacidad que supone la invasión del internet de las cosas en...


Hello again and welcome back to the Security Sprint second edition ;)

Keeping with the topic of the last week, I’m going further in containers security. Now, we are going to learn the danger inside Elasticsearch, a distributed, RESTful search and analytics engine.

To clearly understand my point, let’s first launch a container running Elasticsearch. I’m using 1.4.2 version on purpose.

# docker run -d -p 9200:9200 --name es benhall/elasticsearch:1.4.2 

By default Docker drops certain Linux capabilities and blocks syscalls to add a default level of...