CNV - The Docker Blind Spot

This presentation explores a critical security vulnerability affecting over 30 million websites worldwide: the "React to Shell" exploit. By demonstrating live hacks on both local and Dockerized Next.js applications, the video reveals how user input can lead to unauthorized shell access when serialization is not properly handled. The session also provides practical workarounds for identifying these vulnerabilities using tools like Wazuh and highlights essential mitigation strategies for developers. Timestamps: 00:00 - Introduction and focus on Docker security 01:22 - Speaker introduction: Dolan, Software Developer 01:41 - Overview of the "React to Shell" hack 03:30 - Explaining serialization using a restaurant analogy 04:31 - Why traditional security tools miss these vulnerabilities 04:56 - Project demo: Vulnerable vs. Protected versions 09:29 - Live demo: Gaining shell access to a Docker container 14:20 - Mitigation strategies and AI code generation risks 16:00 - Closing remarks and slide access #DockerSecurity #CyberSecurity #NextJS #ReactJS #CloudNative #InfoSec #WebSecurity #Wazuh #ContainerSecurity #SoftwareDevelopment #CodingSecurity #Kubernetes #TechTalk #AppSec #DevSecOps