Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

sysdig

Image scanning for GitLab CI/CD

Oct 12, 2022 By Dale Rodriguez In Sysdig

Scanning a container image for vulnerabilities or misconfigurations on your GitLab CI/CD using Sysdig Secure is a straightforward process. This article demonstrates a step-by-step example of how to do it. The following proof of content showcased how to leverage the sysdig-cli-scanner with GitLab CI/CD. Although possible, this procedure is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.

Read Post

SnykLive | Stranger Danger: Your JavaScript Attack Surface Just Got Bigger | Oct 5, 2022

Oct 12, 2022 By Snyk In Snyk
Your JavaScript Attack Surface Just Got Bigger- here's what you need to know: Building JavaScript applications today means developers must take a step further from writing code. This live stream demonstrates a live JavaScript and cloud-native hacking session to show common threats, vulnerabilities, and misconfigurations. Further, we show how you can protect your application with actionable remediation and best practices for each exploit shown.
View Video

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Oct 12, 2022 By Snyk In Snyk
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
View Video
styra

The Difference Between Authentication and Authorization

Oct 12, 2022 By Jeff Broberg In Styra

Authentication and authorization are two complementary and critical parts of securing cloud-native applications and infrastructure. Yet, there can be some confusion between these terms. The importance of cybersecurity approaches, such as Zero Trust and the principle of least privilege, make it critical to understand and implement appropriate authorization and authentication processes across cloud-native development.

Read Post

Toyota data breach - Database keys exposed publically in GitHub for 5 years

Oct 12, 2022 By GitGuardian In GitGuardian
On October 7th, Toyota revealed a partial copy of their T-Connect source code had been accidentally exposed for 5 years, including access to data for over 290,000 customers. In 2014, Toyota introduced a new telematics service called T-Connect to customers, offering interactive voice response and allowing drivers to connect to third-party apps. Toyota advertises it as their “connected services that provide safe, secure, comfortable, and convenient services through vehicle communication.”
View Video
boxyhq

What is DevOps and how has it evolved into DevSecOps

Oct 12, 2022 By Jay Singh In BoxyHQ

Let's first take a look at what DevOps (Developer Operations) is so we can better understand why it has now evolved into DevSecOps (Developer Security Operations). DevOps is a combination of philosophies, practices, and tools that increases a business's ability to deliver better development in less time (Higher velocity). This can be applied to building a new product or the process of continuous improvement that applies to most products we see today.

Read Post
mend

Why Building a Modern AppSec Program is Vital for Digital Business

Oct 11, 2022 By Carol Hildebrand In Mend

This is the first of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. Be sure to look out for our upcoming blogs on each of the five principles. The COVID-19 pandemic accelerated the digitalization plans for global organizations by three years, while the adoption rate for digitized products and services increased by seven years.

Read Post
teleport

Securely Managing Your Audit Logs with Teleport and Snowflake

Oct 11, 2022 By Kenneth DuMez In Teleport

One of the most important features Teleport has to offer is that it centralizes all of your infrastructure’s audit logging into one central place, mapping every query, every command and every session to an individual user's identity. As you hire more engineers and resources scale, it can become increasingly difficult to manage all of this log data. Luckily Teleport’s extensibility makes this log data extremely easy to format, export and monitor all in a secure, event-driven way.

Read Post

[Webinar] DevOps backups vs. ransomware - best security and compliance practices.

Oct 11, 2022 By GitGuardian In GitGuardian
Ransomware is still on the rise and does not bypass DevOps ecosystems and SaaS services. Backup is the final line of defense against ransomware so it should be ransomware-proof itself. Join the webinar and check on how to ensure security and continuity of operations in your DevOps environments.
View Video

[Webinar] DevSecOps - A DevSecOps Maturity Model for Secrets Management

Oct 10, 2022 By GitGuardian In GitGuardian
Listen to experts from KuppingerCole Analysts and GitGuardian as they discuss security vulnerabilities in DevOps environments, which are often due to a lack of visibility and control of widely distributed secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, and service account passwords, leaving millions of credentials exposed.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.