Professional web development standards are very high nowadays. It doesn’t matter how big your team or budget. Application Security is extremely important for project of any size. Huge software companies may even have separate departments working on security tasks only. There are manual code review of existing solutions, automation of scanning for well-known vulnerabilities by special tools, writing unit and integration tests, research the cases, implementation of modern approaches. On the other hand, if you are sole developer in your startup (or even single contributor at all), you have to spend some time playing this role as well.
Sources of the harmful code
There are a lot of hype around containers as a new best technical approach for hosting, development, deployment and testing. Docker [https://www.docker.com] is the most popular container-based solution.
Nowadays, software developers have a wide range of programming languages, frameworks and other tools to be used to implement various solutions (static web site, web service, analytics database, background workers, queues, etc.). But wait, development is only half of the story. DevOps guy checks out the solution from the repo to deploy it on the server or just to test it on another machine. “Dependencies hell” and other pure technical issues may turn this process into very complicated quest with bunch of traps. On the other hand, there would be many target platforms for deployment (development PC or laptop, cloud hosting, domestic cluster, etc.). Each of platforms may have its own additional deployment and configuration steps. The problem is a huge number of cases (the cartesian product of two sets: development stacks and hosting platforms) both the software developer and the systems administrator have to care about.
Container is a solution
The idea is not absolutely new. In the middle of previous century the trucking industry had almost the same problem of 2 sets: different sizes and shapes of cargo and plenty of transportation approaches. Standard transport container was introduced as universal wrapper for any kind of goods. The trucking industry operates in terms of these standard containers. Software as a Service applies the same idea. Docker helps developer to pack any application with all its dependencies into container and be sure it can be runned anywhere. On the other hand, system administrator have to worry about container environment configuration only and be sure it can run any application within a container.