%term

The Chicken & Egg Secret Protection Problem in Micro-services

Dec 23, 2019 By Shauli Rozen In ARMO

Alice keeps all her passwords in an Excel file on her desktop. However, she was told it is a very bad practice, since Eve can easily get access to the computer, read the file,and access Alice passwords and accounts. To enhance her security, Alice got a password protection software, KeePass, and she now saves all her passwords safely there – except for her KeePass password, which Alice keeps in an Excel file on her desktop. ‍Good news for Eve...

Read Post

ARMO

Read more about The Chicken & Egg Secret Protection Problem in Micro-services

It's All About the Baselines: Security Edition

Dec 15, 2019 By Chris Orr In Tripwire

I am all about the baselines. I’ve made an entire career out of them. But if you were to ask a random person on the street what that means, the reaction would be: “Who the heck are you, and why are you asking me random weird questions.” So it would be better if you found someone in the tech industry at least.

Read Post

Tripwire

Read more about It's All About the Baselines: Security Edition

Open Policy Agent in Practice: From Angular to OPA in Chef Automate

Dec 4, 2019 By Styra In Styra

From the Open Policy Agent Summit at KubeCon, Michael Sorens from Chef discusses how OPA provides granular authorization within applications:

View Video

Styra

Read more about Open Policy Agent in Practice: From Angular to OPA in Chef Automate

Open Policy Agent at Scale: How Pinterest Manages Policy Distribution

Dec 4, 2019 By Styra In Styra

From the Open Policy Agent Summit at KubeCon, Jeremy Krach and Will Fu discuss how OPA policies are authored, distributed, and utilized at Pinterest (service mesh, kafka, internal tools). They also cover lessons learned in the process.

View Video

Styra

Read more about Open Policy Agent at Scale: How Pinterest Manages Policy Distribution

TripAdvisor: Building a Testing Framework for Integrating Open Policy Agent into Kubernetes

Dec 4, 2019 By Styra In Styra

From the Open Policy Agent Summit at KubeCon, Luke Massa from TripAdvisor discusses how he leveraged OPA’s API and unit test framework. The example shown is a system in which you write k8s admission policy alongside some mock changes to the cluster, some of which should be accepted and some of which should not be, and then run code that tells you whether your policy matches your expectation.

View Video

Styra

Read more about TripAdvisor: Building a Testing Framework for Integrating Open Policy Agent into Kubernetes

Deploying Open Policy Agent at Atlassian

Dec 4, 2019 By Styra In Styra

From the Open Policy Agent Summit at KubeCon, Chris Stivers and Nicholas Higgins from Atlassian walk through their journey building a global authorization platform with Open Policy Agent and the help of Fluentd, S3, CDN's, Amazon Kinesis, and many more.

View Video

Styra

Read more about Deploying Open Policy Agent at Atlassian

Open Policy Agent for Policy-enabled Kubernetes and CICD

Dec 4, 2019 By Styra In Styra

From the Open Policy Agent Summit at KubeCon, Jiummy Ray from CapitalOne discusses how you can satisfy compliance, governance, and security requirements effectively with OPA.

View Video

Styra

Read more about Open Policy Agent for Policy-enabled Kubernetes and CICD

PSA: Beware of Exposing Ports in Docker

Dec 4, 2019 By Ben Meyer In Tripwire

Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a great way to ship a reliable software environment between systems or even to customers. However, like with any technology, one must know how to be secure when using it.

Read Post

Tripwire

Read more about PSA: Beware of Exposing Ports in Docker

Modern compliance with Sysdig Secure DevOps Platform

Dec 2, 2019 By Josh Ziman In Sysdig

Authorization to Operate (ATO) in a day and on-going authorization are compliance nirvana. The ATO is the authorizing official’s statement that they accept the risk associated with the system running in production environments using live business data. The idea that all of the information necessary to make a risk decision is at hand and can be consumed by decision makers is what every compliance program is trying to achieve.

Read Post

Sysdig

Read more about Modern compliance with Sysdig Secure DevOps Platform

Technado, Episode 128: CyberArmor's Shauli Rozen

Dec 2, 2019 By ITProTV In ARMO

With the short week for the Thanksgiving holiday in the US, the Technado team decided to have a little fun by looking back at some of the dumbest tech headlines from 2019. Romanian witches online, flat-earthers, and fake food for virtual dogs - what a time to be alive. Then, Shauli Rozen joined all the way from Israel to talk about a zero-trust environment in DevOps. IT skills & certification training that’s effective & engaging. Binge-worthy learning for IT teams & individuals with 4000+ hours of on-demand video courses led by top-rated trainers. New content added daily.

View Video

ARMO

Read more about Technado, Episode 128: CyberArmor's Shauli Rozen

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Chicken & Egg Secret Protection Problem in Micro-services

It's All About the Baselines: Security Edition

Open Policy Agent in Practice: From Angular to OPA in Chef Automate

Open Policy Agent at Scale: How Pinterest Manages Policy Distribution

TripAdvisor: Building a Testing Framework for Integrating Open Policy Agent into Kubernetes

Deploying Open Policy Agent at Atlassian

Open Policy Agent for Policy-enabled Kubernetes and CICD

PSA: Beware of Exposing Ports in Docker

Modern compliance with Sysdig Secure DevOps Platform

Technado, Episode 128: CyberArmor's Shauli Rozen

Monthly Archive

Follow Us