Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Many high-growth technology startups are pressured to deliver applications to market ahead of fast-moving competitors. It’s all too easy to allow a “we’ll get to that eventually” mentality to creep in when competing priorities appear to force a tradeoff with development velocity. This introduces unnecessary risks, but they can be mitigated by implementing an effective AppSec program that involves the right tools, processes, and mindset.

Least hot take of all time: Interruptions and rework are the worst. The modern dev pipeline is purpose-built to make collaboration easier and allow individuals and teams to work together to contribute to regular code pushes. This of course means lots of invention, feedback, creativity and iteration, all of which work best when they can be the point of current focus.

From reading many Python Docker container blogs, we’ve found that the majority of posts provide examples of how to containerize a Python application independent of its framework (Django, Flask, Falcon, etc.). For example, you might see something like this: With this Dockerfile, we can build and run a Python Flask application: Two simple steps and it works just fine, right?

As organizations look for solutions that enable them to create a software bill of materials (SBOM) to ensure they’re meeting new governmental mandates for protecting the software supply chain, it’s important to understand the difference between solutions based on reporting vs. remediation. The primary focus of any SBOM solution should be on open source code. The use of open source continues to expand exponentially. Open source components comprise 60%-80% of today’s applications.

Customers are increasingly looking for just-in-time access to infrastructure. Imagine there is a production outage and a senior SRE needs to login to a production server to diagnose and fix the issue. In this organization, on-call SREs have elevated access to production systems, but when they are off-duty, their privileges are reduced. When the Pager Duty alert goes off, our on-call SRE ssh’s into the server but after several minutes of looking, can’t diagnose the issue.

Keeping Active Directory secure is one of the most critical tasks for organizations’ information security. Keeping track of users’ activity is a fundamental part of AD security. But before jumping into purchasing shiny tools, there’s a lot you can do by simply changing and leveraging AD built-in audit capabilities.

Azure Government is a dedicated cloud for public sector organizations that want to leverage Azure’s suite of services in their highly regulated environments. As these organizations migrate their applications to Azure Government, they need to ensure that they can maintain visibility into the status and health of their entire infrastructure.

There’s never a dull moment at Snyk and for our Channel team that it’s been especially rewarding. We’re very excited to say that this week Snyk Infrastructure as Code (Snyk IaC) was named the winner of the cloud security category for the 2021 CRN Tech Innovator award. The full list of winners, unveiled earlier this week, showcases innovative vendors in the IT channel across 47 different technology categories, in key areas ranging from cloud to storage to networking to security.

Managing application resources at scale can be tricky business. As such, many DevOps and AppSec teams turn to using a declarative framework rather than writing individual scripts to deploy, manage, and maintain access controls for their resources. For Azure environments, Azure Resource Manager (ARM) is this management layer that allows teams to manage their infrastructure as code (IaC) through declarative ARM templates.