Posts

  • Adaptive AppSec Learning for Developers: The Advantages that Organisations Just Can't Afford to Ignore

    Ever heard of a pilot who flew a real plane after merely reading about it in a manual?

    Or a chef in a five-star restaurant who served real customers after only reviewing a couple of recipe books?

    Or a professional musician who gave a real performance after simply memorizing some musical compositions?

  • Stretching the Elasticsearch

    Breaking: Elasticsearch instance left wide open by SomeCompany, exposing millions of records, including passwords and other personal data... now to sports

    Sound familiar? Headlines like this have become regular front page news over the past several years, as adoption of Elasticsearch, a powerful distributed search and analytics engine built on the Lucene indexing library, has grown exponentially. Its rising popularity, combined with its stark lack of security features enabled by default, has ensured the widespread presence of misconfigured instances in the wild. This article explores the impact of a number of misconfigurations that arise when the best practice guidelines in the (excellent) official documentation are neglected.

  • The Key to Achieving PCI DSS Compliance: Effective PCI Training For Developers

    Data is everywhere… but so are data thieves!

    Any organization that collects, processes, analyzes, or stores data needs to be aware of the risks to this data. And this is especially true for organizations that collect, process, analyze, or store financial data.

  • 7 Kubernetes security challenges, and how to steer the container ship

    Kubernetes Container Orchestration!…

    Now that we have your attention, let’s dig a little deeper into Kubernetes, an open-source orchestration layer that manages container-based applications.

    In this article we’ll explore some of the security challenges you’re going to face when administering Kubernetes clusters, and the appropriate preventative measures to batten down the Kubernetes hatches.

  • Why is practical AppSec training for developers vital for your organization?

    All applications risk being hacked without robust, properly configured application security controls in place. Employing a team of ethical hackers may help provide assurance about the resilience of a system after deployment, but a secure Software Development Life Cycle (SDLC) better equips organizations to address security concerns at the foundational level. Building security in early in the SDLC is more cost-efficient and scalable, enabling organizations to identify and correct security issues earlier in the development life cycle.