Docker For The Win! November 4th, 2023
If you are new to this blog and have not seen my initial post, I am currently enrolled in my final course of the Oregon State University Post Bacc. Computer Science Program. This final course is the Capstone Project that ties in and demonstrates all of the knowledge I have gained during this time.
For my project, I am working with two other individuals. Our team for this project is researching the top 10 web application vulnerabilities and authoring a write up that explains in detail each of the vulnerabilities, as well as a how-to guide to secure any web application against such attacks. To accompany our write up, we have also created two versions of a web application that acts as a faux online store. The first version of the web application is vulnerable to all of the web attacks covered in our write ups and the second version is secured against these same attacks.
In the beginning stages of development for this project, our team had a long discussion about how we were going to deploy our two web applications. We knew that we would need them to run simultaneously and that they could be run on a user’s local machine. What we ultimately decided on was Docker.
Docker is a technology that uses images and containers to create a virtual environment, preset with all the configurations and dependencies installed for your individual needs. A Docker Image is virtual environment built by a developer. The Docker image allows any user to build this what is know as a Container, out this image. The container will hold a running version of that image that can be changed, manipulated, deconstructed, etc. All while maintaining the original version of the environment in the image.
Because we need two version of our web application, Docker is the ideal option as we are able to create two images, one image that holds the vulnerable site and one that holds the secure site. Users are able to run a container of each image at the same time and manipulate code in order to practice their data security in an isolated sandbox. When the user is finished, they can simply close the current container and start fresh using the original image environment.
Not only does this make it easy for anyone to run our web application, but it saves user time by having all dependencies already defined and able to be installed on a container rather than their local computer. Even more, Docker images are far more efficient than other technology, such as virtual machines.
Docker sounds almost too good to be true. The reality is that for a user of a Docker image, it truly is that good. However, for a developer of a Docker image, this technology comes with some pitfalls. The biggest pitfall of Docker is the build time. What I mean by this that as a developer builds a web application, they want to be able to test it. For apps that are large and contain many dependencies, the time it takes for Docker to create an image is agonizing. If a change needs to be made to the image, even something as minute as adding a comment, the entire Docker image must be built again. This includes reinstalling all of the dependencies that are already installed on the current image. In my case, for my group’s web application, this averages 5 to 6 minutes.
Docker could be greatly improved if this issue was addressed and that in the building of the Docker Image, the install is able to recognize where changes have been made in the image and update only those pieces that were modified.
