As mentioned in Github, "Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution." (https://github.com/GoogleContainerTools/distroless) There are multiple reasons why distroless images are getting popular minimal size does not include excessive binaries ( there is only sh and bash in /bin folder ) more secured ( due to presence of less binaries ) However there has been a wrong perceptions ( as per few blog posts ) that we cannot do command injection attacks in the containers made of distroless images. While this is partly true that we cannot try the usual attacks of command injection but it will be wrong to say that it is impossible. This blog post is about attacking them. Here is my base code and the Dockerfile app.py from flask import Flask,request import os import subprocess app = Flask(__name__) @app.route("/&q
Web - Network - System - Mobile - Cloud - Automotive - Embedded - Internet Of Things (IOT)