Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

CalCom

Disable HTTP Trace Method in IIS - no one likes a parrot

Sep 22, 2024 By Ben Balkin In CalCom
The primary function of the HTTP trace method (aka trace or track verbs) is as a diagnostic tool used in web servers. It works by echoing back the received request so that the client can see what changes or additions have been made by intermediate servers. Essentially, when a client sends a TRACE request to a server, the server responds by sending back the exact request it received, including all the headers.
Read Post
securitysenses

How DevOps Automation Enhances Cloud Security

Sep 22, 2024 By SecuritySenses In SecuritySenses
When applied to cloud security, DevOps automation is able to speed up delivery while cutting down on errors. This blend results in faster deployments with a lower likelihood of vulnerabilities sneaking through. Here's a closer exploration of how this plays out, and why you should be making the most of tools in this category as part of your own operations.
Read Post
manageengine

Top 10 cybersecurity misconfigurations and how to avoid them

Sep 20, 2024 By Log360 In ManageEngine
Have you ever heard of the 80/20 rule? The 80/20 rule, also known as the Pareto principle, was named after the Italian economist Vilfredo Pareto. It states that 80% of consequences come from 20% of causes. Though only a theory, the 80/20 rule has been empirically observed in numerous facets of business.
Read Post
panoptica

The Imperative of API Security in DevOps

Sep 19, 2024 By By: Shweta Khare In Panoptica
Consider a modern software application as a constellation of cities that dot the landscape. These cities are components such as databases, authentication services, business logic engines, and more. Requests travel between components carrying data just as citizens travel between cities carrying their belongings. The highways that connect the cities on this map are your APIs. Cities get the most attention, often receiving the security and protection they need.
Read Post
mend

What is the KEV Catalog?

Sep 19, 2024 By AJ Starita In Mend
With external threats looming as a constant source of potential disruption, multiple government agencies have coordinated to compile a catalog of Known Exploited Vulnerabilities (KEV). The Known Exploited Vulnerabilities Catalog, or KEV catalog, is a database of actively exploited vulnerabilities, including those that have been exploited by ransomware campaigns, that can help application security professionals in the public and private sectors monitor threats and prioritize fixes.
Read Post

Navigating Access Challenges in Kubernetes-Based Infrastructure

Sep 19, 2024 By Teleport In Teleport
Organizations often find that as they deploy their K8S infrastructure into production and across their company, what worked well for managing access during development does not scale efficiently. Research shows that this often leads to serious security risks including breaches. So, new access challenges emerge, particularly as teams scale. Join us for a 30-minute deep dive into how to secure access to Kubernetes-based environments including clusters, databases, and applications in a scalable way.
View Video
teleport

How to Implement Scalable Access Controls with RBAC: Best Practices for Zero Trust Environments

Sep 18, 2024 By William Loy In Teleport
In the arms race to secure environments, codifying permissions often becomes an afterthought in the wake of setting up a new access tool. I often speak with organizations that either don’t know who has permission to what, or have no permission definitions at all. I once onboarded an enterprise level digital communications company that was losing productivity trying to keep track of who had access to their Kubernetes resources.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.