TL;DR: What are good learning resources for security testing software which runs with Docker on Ubuntu?
I am in a junior position at this company, and they figured it would be good if I just test their software from a security perspective. I already learned a bit about hacking, but it was mainly webservers, CTFs, TryHackMe, HTB, so nothing connected to RE or cracking. I don't know how to start. I mean, I found a lot of knowledge about RE on Windows, or the CIS Docker Benchmark, but I didn't find any articles specifically about reverse engineering/cracking on Docker on Linux.
The product is running on Ubuntu 18.04 server, on Docker, installed from a .deb package (Don’t know if this helps 🙂 )
What I am looking for is some guidance on how to learn about cracking software which is installed with Docker on Linux. Or what is the easiest or usually more valuable attack vector to look at, I mean, maybe try to crack the licensing, or try to use a buffer overflow, how the "average attacker" thinks… Please tell me if I am missing some basics, and if it does not matter whether I crack/pentest on Windows or Docker or Linux, then I will just start some book or complete course.
I understand that it is a broader topic than just following a step-by-step tutorial, but I have plenty of time to learn it, so videos, books, articles, anything which purposefully teaches Docker/Linux software testing would be awesome.
Also, what do you think, which of the following could help me aim in the right direction?
Found some books:
This can be related, and it was already helpful:
Is it possible to escalate privileges and escaping from a Docker container?
Also, I found LiveOverflow videos, some related to Docker. Should I start the whole series?
Thank you very much in advance.