Today we’re announcing a new container security cheat sheet and report — created in collaboration with our partner Sysdig. Download cheatsheet In this post, we’ll outline tips to help you successfully navigate the challenges of container security with a focus on three core principles: Traditional security approaches are incapable of handling the distributed and ephemeral nature of containers.

Distributed containerized systems compose applications, resources, services, databases, and other artifacts. These components often need sensitive information such as user keys, passwords, API keys, and certificates to function properly. Secrets management is critical for adequately handling sensitive information and Kubernetes deployments often utilize their built-in Secrets resource type and associated RBAC controls but what if you aren’t deploying on Kubernetes?

The introduction of mobile devices has rapidly changed the world as we know it, as these small gadgets that are intended to fit into the palm of our hands rapidly gained dominance over our day-to-day activities. Thanks to these portable devices, we now have access to an abundance of information available to us on demand with minimal effort.

Drupal is a popular content management system (CMS) that leading corporations and government agencies use for mission-critical applications. With a supportive community of developers, robust security, multilingual support, compliance with WCAG guidelines, and ease of integration, Drupal is a go-to CMS.

One of the main goals for this research was to explore how it is possible to execute arbitrary commands even when using a safe API that prevents command injection. The focus will be on Version Control System (VCS) tools like git and hg (mercurial), that, among some of their options, allow the execution of arbitrary commands (under some circumstances). The targets for this research are web applications and library projects (written in any programming language) that call these commands using a safe API.

Oracle Communications Session Border Controller (SBC) is one of the most popular products worldwide that helps service providers deliver trusted, carrier-grade, real-time communications such as VoLTE, VoIP, video conferencing and calling, presence, IM, and IPTV. Harold Zang, Senior Technical Security Specialist and Jeremy Nunn, Security Specialist at Trustwave SpiderLabs, identified three vulnerabilities in the Oracle SBC.

Open source libraries and frameworks are a great way to jump-start development projects. Open source empowers developers to do some great things without reinventing the wheel and developing solutions for problems that have already been solved. However, adding any code to a project carries an inherent risk of introducing potential vulnerabilities that may have made their way into it through error or malice.

New exciting Kubescape features have recently landed - Code repository scanning & Container image registry scanning! By enhancing Kubescape's security posture capabilities, you will be able to embed security even earlier in the SDLC (Software Development Lifecycle) and in a broader range of places in your CI/CD pipeline.

There are many ways to find bugs in Python code: the built-in debugger (pdb), a healthy amount of unit tests, a debugger in an IDE like Pycharm or Visual Studio, try/catch statements, if/else statements, assert statements, or the tried and true practice of covering every inch of your codebase in print() statements like it’s going out of style. Assert statements can help us catch bugs quickly and are far less intrusive than copious amounts of print statements.