For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the ring without knowing how to throw a punch. Sure, you may be able to get in and last a few rounds, but eventually, a formidable opponent will wear you down and knock you out.
Open Source projects can be a great asset, or they can be a curse – it’s all in how you manage it. To be successful in using open source, there are several things to keep in mind, from licensing to updates. And if you ignore any of them, it can cause problems. Here are some things to consider.
When Gronk the caveperson chipped out the first wheel from a slab of granite only to watch it roll away down a hill at some speed, he discovered we could build things to make our lives easier. We took this idea and ran with it, and now we have internet connected shoes. However, we also have cybercrime, data theft, phishing, scams, ransomware... the list goes on.
Nothing gets the AppSec / InfoSec community abuzz quite like a good old 0-day vulnerability. I mean, what’s not to love here? These vulnerabilities involve the thrill of adversaries knowing something we don’t, giving them a path to sail through our defenses to break into that sweet data inside. They are the James Bond of the security space — suave, sexy, and deadly.
Developers the world over depend on the Apache Struts open source framework to build valuable and powerful applications. This open source component and the Apache Software Foundation that stands behind it have provided organizations with a cost-effective force multiplier that allows their teams to develop faster and more efficiently. A very active project, GitHub shows Apache Struts as having 5,441 commits and 112 releases.
Forseti Security is open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and even enforce in the future. The install is pretty simple since it’s contained within a Deployment Manager template. Deployment Manager automates infrastructure deployments of Google Cloud Platform resources. I’m going to highlight some of the notes from the official Forseti documentation in this post for completeness.
Being able to secure your cloud resources at scale is important for all Google Cloud Platform users. To help ensure the security of GCP resources, you need to have the right tools and processes in place. Spotify and Google Cloud worked together to develop innovative security tools that help organizations protect GCP projects, and have made them available in an open source community called Forseti Security. Forseti is now open to all GCP users!
