Posts
-
Securing the Docker Ecosystem: Part 2: Strategies to Secure the Container Build
Welcome back to Securing the Docker Ecosystem - our 3-part series on improving the security posture of your Docker ecosystem. In each article, we address one particular aspect of Docker through a security lens.
-
Securing the Docker Ecosystem: Part 1: Strategies to Secure the Docker Daemon
In recent times, two key advancements, the acceleration of the software development cycle and the increasing complexity of the application stack, have triggered the need for faster and easier ways of pushing code into production. In this context, more lightweight, flexible, and resource-efficient approaches, such as “containers”, have become increasingly popular. To this end, more and more organisations have adopted Docker technology as the de facto standard in their application container space.
-
Adaptive AppSec Learning for Developers: The Advantages that Organisations Just Can't Afford to Ignore
Ever heard of a pilot who flew a real plane after merely reading about it in a manual?
Or a chef in a five star restaurant who served real customers after only reviewing a couple of recipe books?
Or a professional musician who gave a real performance after simply memorizing some musical compositions? -
Stretching the Elasticsearch
Breaking: Elasticsearch instance left open wide by SomeCompany exposing millions of records, including passwords and other personal data… now to sports
Sound familiar? Headlines like this have become increasingly at home as front page news items over the past several years since the adoption of Elasticsearch, a powerful distributed search and analytics engine based on the Lucene indexing library, has exponentially increased. A seamless dovetailing of its rising popularity, and its stark lack of default-enabled security features, has ensured the widespread presence of misconfigured instances in the wild. This article explores the impact of a number of misconfigurations that occur when the best practice guidelines provided by the (excellent) official documentation are neglected.
-
The Key to Achieving PCI DSS Compliance: Effective PCI Training For Developers
Data is everywhere… but so are data thieves!
Any organization that collects, processes, analyzes, or stores data needs to be aware of the risks to this data. And this is especially true for organizations that collect, process, analyze, or store financial data. -
7 Kubernetes security challenges, and how to steer the container ship
Kubernetes Container Orchestration!…
Now that we have your attention, let’s dig a little deeper into Kubernetes, an open-source orchestration layer that manages container-based applications.
In this article we’ll explore some of the security challenges you’re going to face when administering Kubernetes clusters, and the appropriate preventative measures to batten down the Kubernetes hatches. -
Why is practical AppSec training for developers vital for your organization?
All applications risk being hacked without robust, properly configured application security controls in place. Whereas employing a team of ethical hackers may help in providing assurance on the resilience of the system post-deployment, having a secure Software Development Life Cycle (SDLC) better equips organizations in addressing security concerns at the foundational level. Building security early in the SDLC is more cost efficient and scalable, enabling organizations to identify and correct security issues earlier in the development life cycle.