Abstract:
The thesis work consists in the research and analysis of the cryptographic non-conformities present in some docker images. We will illustrate the automation process for the collection of statistical samples aimed at determining the presence of vulnerabilities related to the mechanisms of cryptographic keys and certificates present in the aforementioned images and classifying them to understand whether the detected threats are actually real or instead attributable to cases deemed safe. Finally, we will discuss why such non-conformities exist and illustrate possible corrective solutions to eliminate these threats.
