Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Technology

Leveraging logs to better secure cloud-native applications

With the growing popularity of cloud computing, security incidents related to it have been on the rise. Logs are indispensable resources for countering these threats, and they can be utilized for alerting, taking remedial action, and even preventing future attacks. In this post, we will examine ways to better secure cloud-native applications using logs.

API Authorization at the Gateway with Apigee, Okta and OPA (Part 1)

API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).

Escape The Ticketing Turmoil | Slack/PagerDuty Integrations | Teleport Workflow API

Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations. These requests can be approved or denied via ChatOps in Slack, in PagerDuty, or anywhere else via a flexible Authorization Workflow API.

Open source licenses: No license, no problem? Or ... not?

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?

SKILup Day DevSecOps | How To Securely Access Compute Resources In Cloud Environments | Virag Mody

Virag Mody, Technical Writer for Gravitational gave a concise talk on Infrastructure Security best practices for SKILupDays DevSecOps 2020. In the talk he covers why certificate authorities are so important, and what individuals can do to create a more secure infrastructure access process.

Why Your Org Needs DLP for Slack: Ensuring Long-Term Data Security

Cloud security requires long-term investments to get right. Today’s demands of remote work and collaboration across teams are forcing security leaders to make fast decisions about which business tools they should allow their orgs to adopt. Data loss prevention (DLP) is a good way to support cybersecurity policies that will safeguard sensitive data and perform at the highest levels of security over the long haul.

The Definitive Guide to Travel APIs

Cutting-edge applications in the travel industry heavily rely on third-party APIs and web services. Take TripActions: the corporate travel management software connects to the United Airlines API, the Southwest Airlines API, and the Lufthansa Group API to import their content like flight schedules and fares. Likewise, it connects to human resources APIs (Namely, BambooHR), finance APIs (Expensify, Spendesk), travel services APIs (VisaHQ, Stasher), and more.

Understanding Ecommerce APIs

If you work in the ecommerce industry, you know that every part of its value chain has been eaten by software: from product sourcing, inventory management, warehousing, online shopping, marketing operations, order management, payment processing, shipping, up to tax management. Today’s state-of-the-art ecommerce software is connected to countless other services. How? Through APIs. Take a random online store using Shopify, which empowers over 1,000,000 merchants in 175 countries.

Best Practices for FinTech APIs

How many third-party APIs is your application consuming? All modern FinTech companies rely on external APIs to run their business. Take Robinhood for instance: the famous investment application is using the Plaid API to connect to its users’ bank accounts, the Xignite API to get financial data, and the Galileo API to process payments. That is only the beginning. The essential parts of their service could not run without consuming third-party APIs.