Tag: devops security
AWS CodeBuild Webhook Misconfiguration Exposed Admin Access Risk
Tom Smith | | AWS CodeBuild, AWS open source, build pipeline security, CI/CD security, devops security, GitHub security, regex security, Software Supply Chain, webhook misconfiguration, Wiz ResearchAWS fixed webhook filter misconfigurations in CodeBuild that could have allowed unauthorized repository access. No customer impact or malicious code found ...
How to Integrate Quantum-Safe Security into Your DevOps Workflow
Carl Torrence | | CI/CD pipeline security, Cloud Security, crypto-agility, cybersecurity modernization, devops security, devsecops, encryption protocols, future-proof DevOps, hybrid encryption, legacy to quantum-safe migration, post-quantum cryptography, quantum computing, quantum cybersecurity, quantum key distribution, quantum risk mitigation, quantum threats in DevOps, quantum-resistant algorithms, quantum-safe automation, quantum-safe CI/CD, quantum-safe encryption, secure DevOps workflowsThe rapid pace at which quantum computing is evolving is unprecedented, which is both good and bad news. While quantum computers can help solve complex problems at unimaginable speeds, they can also ...
Patch Management is Essential for Securing DevOps
Alexander Williams | | automated patching, automated rollbacks, canary deployments, CI gating, CI/CD pipelines, cloud-native security, continuous delivery security, CVE scanning, devops best practices, devops security, devsecops, feature flags, mean time to patch (MTTP), observability in devops, patch automation tools, patch management, runtime mitigation, SBoM, security automation, software bill of materials, software vulnerabilities, supply chain security, vulnerability discovery, vulnerability management, zero-day defense, zero-day exploitsZero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize ...
Git Services Need Better Security. Here’s How End-to-End Encryption Could Help
Tom Smith | | code security, devops security, end-to-end encryption, GitLab security, repository protection, secure development practices, Software Supply Chain SecurityA new study from the University of Sydney, UESTC, and Google introduces efficient end-to-end encryption for Git services like GitHub and GitLab. Learn how this breakthrough could secure your code repositories without ...
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
Alan Shimel | | artifact provenance, CI/CD security, continuous verification, credential theft, devops security, devsecops, GitHub tokens, npm malware, OIDC, pipeline security, SBoM, Secure software delivery, Shai-Hulud worm, short-lived tokens, Software Supply Chain, supply chain attackDevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
The DevSecOps Career Path: What No One Tells You About Getting Started
Philip Piletic | | CI/CD security, Cloud Security, container security, developer security skills, devops security, DevOps to DevSecOps, devsecops, DevSecOps career transition, DevSecOps certifications, DevSecOps roadmap, DevSecOps skills, infrastructure as code security, OWASP Top 10, Secure software delivery, supply chain securityDevOps teams across organizations are suddenly finding themselves responsible for security with no roadmap. One day, teams are focused on deployment velocity and infrastructure automation, the next day, they're expected to understand ...
Elevating DevOps Security: Why Integrating Threat Modeling Transforms Pentesting
Akhil Mittal | | application security, devops security, pentesting, Risk-based security testing, threat modelingDo not stop at compliance — embrace threat-driven pentesting and build a security posture that is ready for the real-world threats your organization faces ...
5 Security Threats DevOps Teams Should Know
Gilad David Maayan | | application security, code scanning, devops security, devsecops, network filteringDevOps security (DevSecOps) is about breaking down silos and promoting open collaboration across teams ...
A DevOps Guide to the Language of DevSecOps
Security is increasingly important for DevOps due to the growing complexity of applications and the accelerated pace of development. As organizations adopt DevOps practices, they face new challenges in securing applications and ...
Security Debt: Speed vs. Common Sense
Don Macvittie | | Agile Security, crash, devops security, kubernetes, privileged access management, run time securityA couple years ago, we had some spectacular security events that involved DevOps and Kubernetes, where the managing team simply redeployed containers whenever one crashed. It turned out that many organizations were ...
Securing APIs at the Speed of DevOps
In the 2021 State of DevOps Report, 83% of IT decision-makers told Puppet that their organizations were in the process of implementing DevOps practices to improve the quality of their software, the ...
DevOps Chat: Maximizing the Benefits of DevSecOps
When discussing security in DevOps, we often focus on the security tools instead of the DevSecOps process itself. In this DevOps Chat, ZeroNorth CEO John Worrall takes us to the root of ...
