Security

The latest Security News & Information

raygun

Useful tools to manage your application's secrets

When you build and deploy an application, chances are that you need to store some form of secrets. These are typically things like credentials for 3rd party systems and database credentials. As an ASP.NET Core developer, Microsoft provides you with an easy way to store secrets like these in your development environment, namely the Secret Manager.

detectify

What is a blind vulnerability and how can it be exploited and detected?

There are times where an attacker can hack a system and yet nothing is sent back, and this is classified as a blind vulnerability. This article will explain blind vulnerability detection and how Detectify’s scanner detects them: If we simplify web hacking, it usually means that an attacker is sending some data from their computer to a server, the server processes the data and then sends something back to the attacker.

nnt

California State Auditor Finds Flaws in Government IT Systems

California's state auditor is calling for additional oversight and regular assessments after finding weaknesses in the information security of some California state offices. State auditor Elaine Howle recently released a report Gaps in Oversight Contribute to Weaknesses in the State's Information Security and found that the personal information of California residents may not be secure due to flaws in the government's IT systems.

Meeting PCI DSS Network Security Requirements in Kubernetes Environments

Compliance standards such as PCI DSS have assumed that traditional characteristics and behaviors of the development and delivery model would continue to be constant going forward. With the Container/Kubernetes revolution, that set of assumptions is no longer entirely correct. Attend this webinar and learn about what’s changed, how those changes weaken your compliance and control environment, and what you can do to adjust to the new reality.

How To Extend Firewalls to Kubernetes to Stop Breaking Existing Security Architectures

Security teams use firewalls to secure their production environments, often using a zone-based architecture, and Kubernetes does not deploy well to that architecture. Application teams are launching new business-critical applications on Kubernetes and are aggressively moving to production. A clash is bound to happen.
sysdig

Integrating Gitlab CI/CD with Sysdig Secure

In this blog post we are going to cover how to perform Docker image scanning on the Gitlab CI/CD platform using Sysdig Secure. Container images that don’t meet the security policies that you define within Sysdig Secure will be stopped, breaking the build pipeline before being pushed to your production Docker registry.

tripwire

Multi-Cloud Security Best Practices Guide

A multi-cloud network is a cloud network that consists of more than one cloud services provider. A straightforward type of multi-cloud network involves multiple infrastructure as a service (IaaS) vendors. For example, you could have some of your cloud network’s servers and physical network provided by Amazon Web Services (AWS), but you’ve integrated that with your servers and physical networking that’s provided by Microsoft Azure.