Zero standing privilege (ZSP) is an applied zero trust security strategy for privileged access management (PAM). The term zero standing privilege was coined by an analyst at Gartner. In practice, it implies no users should be pre-assigned with administrative account privileges. Zero-trust security forbids authorization based on static predefined trust boundaries.
As developers, we all have our morning startup routine: make coffee, check Slack/Discord/email, read the latest news. One thing I do as part of my daily startup routine is check the Snyk Vulnerability Database for the latest open source vulnerabilities. It’s been especially interesting to see the types of exploits and vulnerabilities that appear in different ecosystems.
Cloud-native and open-source technologies are booming. But for a successful cloud expansion, IT decision-makers and developers need to be in agreement despite their unique roles in the process. As more enterprises transition to cloud-native environments, the big question is how aligned are IT decision-makers and developers?
Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigation a potential RCE in Spring after seeing a tweet that has since been deleted.
In a recent episode of TFiR Let’s Talk, Swapnil Bhartiya sat down with Sathya Sankaran, Chief Operating Officer at CloudCasa by Catalogic, to discuss how the Kubernetes ecosystem is shifting and how CloudCasa is helping organizations address the data protection weaknesses in Kubernetes and cloud-native infrastructure and adopt these new technologies.
This blog is part of a series on how to provide identity-based access to AWS resources. In the first tutorial, we saw how to set up an identity-aware AWS bastion host using the OSS solution, Teleport. In this blog, we will expand the scenario to use a single-sign-on (SSO) authentication mechanism to issue certificates to specific groups of users to access AWS resources.
GraphQL provides security straight out of the box with validation and type-checking. However, it doesn’t fully address security concerns around APIs. In this article, we’ll learn how to secure GraphQL APIs by building a simple Node.js application using Fastify and GraphQL. According to its official documentation, GraphQL is a graph query language for APIs and a runtime for fulfilling those queries with our data.
