Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Panel Discussion: Cloud Security - Keeping Serverless Data Safe

Apr 16, 2020 By Mend In Mend
The push to the cloud has introduced a previously unknown level of agility to many organizations, but sometimes at the expense of data security. Human error often is the cause of cloud security blunders, putting sensitive data at risk and causing real damage to companies in terms of financial liability and loss of reputation. This webinar discusses some of the more overlooked aspects of cloud security and offers up some best practices for ensuring data in the cloud is truly secure.
View Video

Demystifying PCI Software Security Framework: All You Need to Know for Your AppSec Strategy

Apr 16, 2020 By Mend In Mend
The Payment Card Industry (PCI) Security Standards Council recently released a new security framework to replace the previous standard (PCI PA-DSS). The new framework is set to better address the changes that the software development industry has seen in the past few years. Agile and DevOps methodologies, cloud and containerized environments and widespread open source usage have become the new normal and with this, present new AppSec challenges. To ensure that users of payment apps remain safe, the new framework aims to lay a substantial value on continuous application security.
View Video

Whitesource and CircleCI Orbs: Secure your CI/CD Pipelines from Start to Finish

Apr 16, 2020 By Mend In Mend
Open source software components play an important role by providing us with the building blocks of our products. However, even as we enjoy the benefits of open source components, they are not without their challenges, especially when it comes to security vulnerabilities.
View Video
styra

The origin of Open Policy Agent and Rego

Apr 16, 2020 By Tim Hinrichs In Styra

Why the cloud-native architecture required a new policy language I recently started a new series on the Open Policy Agent (OPA) blog on why Rego, OPA’s policy language, looks and behaves the way it does. The blog post dives into the core design principles for Rego, why they’re important, and how they’ve influenced the language. I hope it will help OPA users better understand the language, so they can more easily jump into creating policy of their own.

Read Post
manageengine

Hardening Windows security: How to secure your organization - Part 2

Apr 16, 2020 By IT Security In ManageEngine

We’re back with part two of our three-part blog series on living-off-the-land attacks. If you missed part one, you can read it here. In a nutshell, living-off-the-land (LOTL) refers to a type of attack where the attacker uses the tools and features that already exist in the target environment to carry out malicious activities. The concept of LOTL is not new, but LOTL and file-less attacks have been gaining popularity over the last few months.

Read Post
sysdig

Performing Image Scanning on Admission Controller with OPA

Apr 16, 2020 By Víctor Jiménez In Sysdig

In this post we will talk about using image scanning on admission controller to scan your container images on-demand, right before your workloads are scheduled in the cluster. Ensuring that all the runtime workloads have been scanned and have no serious vulnerabilities is not an easy task. Let’s see how we can block any pod that doesn’t pass the scanning policies before it even runs in your cluster.

Read Post

PCI Compliance for Containers and Kubernetes

Apr 16, 2020 By Sysdig In Sysdig
Attend our webinar about PCI compliance in containers & Kubernetes: Download our PCI Guide: More info in our blog: Many of your applications are now starting to run on containers in the cloud. If your applications are at all dealing with credit card data, you may be wondering how to validate PCI compliance, a well known regulation for handling this data securely. PCI is also a must have requirement to check off before your code gets to production.
View Video

Kubernetes Threat Intelligence: Detecting Domain Generation Algorithms (DGA)

Apr 16, 2020 By Tigera In Tigera
Malicious actors often use Domain Generation Algorithms (DGA) to exploit the DNS protocol and execute command-and-control (C & C) malware attacks. In this webinar, threat researchers Manoj Ajuhe and Chris Gong from Tigera’s Threat Detection Team will be sharing the latest insights into DGAs, the risks they present, along with best practices to speed detection and mitigation.
View Video
tripwire

The MITRE ATT&CK Framework: Privilege Escalation

Apr 16, 2020 By Travis Smith In Tripwire

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access. Since I have spent most of my time on the defensive side of the fence, the magic of escalating privileges rested in Exploiting for Privilege Escalation or stealing an administrator’s credentials.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.