Databases are the Holy Grail for hackers, and as such, must be protected with utmost care. This is the first in a series of articles in which we’ll give an overview of best practices for securing your databases. We’re starting with one of the most popular open-source databases, PostgreSQL, and will go over several levels of security you’d need to think about.
Endpoint security is at the forefront of digital transformation due to the very nature of needing to protect devices outside the company’s network perimeter. This started with traditional devices such as laptops and desktops. Endpoint security then quickly expanded to include mobile security, for smartphones and tablets. And, as more data moved to the cloud endpoint security came to include servers and containers, both inside and outside of the network perimeter.
We here at WhiteSource often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to this question is a resounding and absolute yes! At WhiteSource, we believe in practicing what we preach.
With the onset of the ongoing COVID 19 pandemic, cybercriminals started looking for opportunities to threaten the already suffering businesses through malware, ransomware, and social engineering attacks. Amidst this public health crisis, a new remote working culture evolved as remotely connected workplaces had to adapt rapidly to a greater digital threat emerging online.
In today’s highly regulated digital businesses a frictionless, and secure identity verification has become a mandate. The traditional onboarding process for new clients can be time-consuming, error prone, labor-intensive, manual process involving multiple departments within the institution. This can lead to frustrating delays for customers and can put a strain on the business relationship.
Whether you’re just starting to understand basic Rego language concepts or want to brush up on structuring policy-as-code rules, Styra Academy’s “OPA Policy Authoring” course lays out the fundamentals you need to know to get started. Before we dive in, let’s get a better understanding of Open Policy Agent (OPA) and some common use cases. OPA is an open source, general purpose policy engine for cloud native environments.
It’s official! Snyk Container offers support for scanning container images stored in the popular open source container registry, Harbor. Snyk Container helps you find and fix vulnerabilities in your container images, and now it integrates with Harbor as a container registry, enabling you to import your projects and monitor your containers for vulnerabilities. Snyk tests the projects you’ve imported for any known security vulnerabilities found, testing at a frequency you control.
We’re excited to share that you can now scan container images stored in Red Hat’s Quay container registry and their hosted Quay.io service with Snyk Container. Snyk Container helps you find and fix vulnerabilities in your container images and integrates with Quay as a container registry to enable you to import your projects and monitor your containers for vulnerabilities, as is fully described in our Snyk Container documentation.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. A supply chain infection that could have had far reaching impact had it filtered to deployed builds. This time, instead of package dependency infection, they went for the core….
