Cloud Native Security Platform Must-have Components

5 key components to review

To ensure secure apps are developed and deployed, McCluney and Griffin recommend implementing review processes for the following: cloud posture and compliance, vulnerability visibility and management, container security, template scanning, and securing your code.

Before delving into each of these components, let’s review why each one is key, and understand how the state of the industry has shaped these key security components.

4 cloud native development trends

McCluney and Griffin point…

7 Container Security Best Practices For Better Apps

Write clean code

In 2020, Digital Shadow scanned more than 150 million entities from GitHub, GitLab, and Pastebin and found 800,000 access keys and secrets. 40% of these were for database stores—38% for CSPs such as Google, Microsoft Azure, and AWS. Yikes. It goes without saying (but I’m saying it anyways) you cannot afford to have your secrets exposed. To keep your secrets secret, avoid writing secrets into the code or in a config file…

IaC: Azure Resource Manager Templates vs. Terraform

Infrastructure as code (IaC) is the process of configuring infrastructure through code instead of manually. A manual process requires operators and system administrators to configure any changes to the infrastructure. Using IaC, DevOps teams can store the infrastructure configuration code and application code in a centralized repository. IaC ensures consistent and more secure deployment. By avoiding error-prone manual configuration and deployment, security standards and policies are easier to maintain. And, DevOps engineers can improve scalability…

Apache Log4j: Mitigation for DevOps

What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities.

By: Melanie Tafelski, January 05, 2022

What is Apache Log4j?

You’ve most likely heard of the critical flaw CVE-2021-44228, discovered in the popular Java-based library, Apache Log4j. Nicknamed Log4Shell, it impacts numerous Apache projects, including Druid, Dubbo, Flink, Flume, Hadoop, Kafka, Solr, Spark,…

A Complete Guide to Cloud-Native Application Security

However, these tools have downsides that may cause more challenges for DevOps teams: SAST has difficulties scanning and reporting on cloud-native applications because static tools only see the application source code they can follow. As more cloud-native apps are now developed with libraries and third-party components, this causes the tool to fail when processing these links. DAST, which interactively tests applications from the outside, requires the application to be fully built upon every code change. As…

How to infuse agility into security operations

How to infuse agility into security operations | 2021-06-30 | Security Magazine
