Vladimir Chavkov

Docker Security & Best Practices Training

Lock down your container workloads with this focused 2-day security course. Learn to build hardened images, enforce runtime security controls, scan for vulnerabilities, manage secrets properly, and implement defense-in-depth strategies for Docker environments.

Duration: 2 days (16 hours)
Level: Intermediate
Delivery: In-person, Live online, Hybrid
Certification: N/A

Target audience

  • DevOps engineers hardening container infrastructure
  • Security engineers assessing container environments
  • Developers building secure containerized applications
  • Teams implementing DevSecOps practices

After completing this training, participants will be able to:

  • Build minimal, hardened Docker images
  • Implement container runtime security controls
  • Scan images for vulnerabilities and misconfigurations
  • Manage secrets without embedding them in images
  • Configure Linux security modules for containers
  • Establish a secure container supply chain

Module 1: Secure Image Building

  • Minimal base images (Distroless, Alpine, scratch)
  • Running as non-root and USER instruction
  • Removing unnecessary packages and files
  • Hands-on: Harden a Dockerfile following CIS benchmarks

Module 2: Vulnerability Scanning

  • Image scanning with Trivy, Grype, and Snyk
  • CVE analysis and prioritization
  • Integrating scanning into CI/CD pipelines
  • Hands-on: Set up automated scanning with build-time gating

Module 3: Supply Chain Security

  • Image signing with Cosign and Notation
  • Content trust and Docker Content Trust
  • Base image provenance and SBOMs
  • Hands-on: Sign images and verify signatures in a pipeline

Module 4: Container Isolation

  • Linux namespaces and cgroups
  • Capabilities — dropping and adding
  • Seccomp profiles and AppArmor
  • Hands-on: Apply least-privilege runtime security profiles

Module 5: Secrets Management

  • Docker secrets and config objects
  • External secret injection patterns
  • Environment variables vs mounted secrets
  • Hands-on: Implement secret management without embedding in images

Module 6: Network and Host Security

  • Docker daemon security configuration
  • Network policies and firewall rules
  • Read-only filesystems and tmpfs
  • Hands-on: Lock down a Docker host following CIS Docker Benchmark

Prerequisites

  • Docker Fundamentals or equivalent experience
  • Basic understanding of Linux security concepts
  • Familiarity with CI/CD pipelines

Format | Description
In-Person | On-site at your company’s location, hands-on with direct interaction
Live Online | Interactive virtual sessions with screen sharing and real-time labs
Hybrid | Combination of on-site and remote sessions, flexible scheduling

All formats include hands-on labs, course materials, and post-training support.