Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Identity-Based Data Security on AWS

Speakers: Dave Cole, CEO of Open Raven Ev Kontsevoy, CEO of @Teleport Modern data drives business value. But the speed with which it is created and accessed across a global AWS footprint increases risk considerably. The old ways of securing data – VPNs, shared credentials stored in a secure vault, offsite backups – are no longer sufficient and don't work at cloud-scale. Join Teleport CEO Ev Kontsevoy and Open Raven CEO Dave Cole as they present a practical view of modern data security in two parts.

Impact Analysis: CVE-2022-29218, Allows Unauthorized Takeover of New Gem Versions via Cache Poisoning

It’s been a bad month for RubyGems vulnerabilities. Critical CVE-2022-29176 was issued May 8, 2022, and another critical CVE-2022-29218 was discovered less than a week later, on May 11. This new vulnerability would allow for a takeover of new versions of some platform-specific gems under certain circumstances.

Terraform & Keeper Secrets Manager: Better Together

Terraform is a very popular infrastructure-as-code (IAC) tool that enables DevOps teams to deploy and manage infrastructure such as servers, containers and databases. Since Keeper Secrets Manager supports record creation through Terraform, you can secure infrastructure secrets using your Keeper Vault. This feature, combined with existing credential read functionality, makes it possible to maintain your credentials’ full lifecycle using Keeper and Terraform.

Secure Bots and Service Account Access With Ephemeral Certificates

"Create cryptographically secure access keys" and "Rotate keys frequently" — These are probably the best security recommendations one can get for bot authentication security. In reality, while these are good practices, they simply aren't enough. First, cryptographically secure keys only prevent simple guessable or brute-force attacks, but the impact is catastrophic if the keys themselves are stolen.

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover

On May 6, 2022, a critical CVE was published for RubyGems, the primary packages source for the Ruby ecosystem. This vulnerability created a window of opportunity for malicious actors to take over gems that met the following criteria: Because RubyGems provides data dumps that include a lot of information, it is unfortunately relatively simple to create an automated mining process for these criteria.

3 Ways Developers Can Boost In-App Security

In the past, responsibility for data privacy and security fell on non-development teams, like IT, security or compliance. But this is changing. Thanks to the adoption of cloud native technologies and trends like policy-as-code, developers are more focused on security than ever. According to the Styra 2022 Cloud-Native Alignment Report, over half of developers think their organization should enhance its data privacy efforts in the next 12 months.