Tag: Infosec
-
Increasing the security bar in Ingress-NGINX v1.2.0
Posted on May 2, 2022, Level intermediate Resource Length medium
The Ingress may be one of the most targeted components of Kubernetes. An Ingress typically defines an HTTP reverse proxy, exposed to the Internet, containing multiple websites, and with some privileged access to the Kubernetes API (such as to read Secrets relating to TLS certificates and their private keys). By Ricardo Katz (VMware), James Strong (Chainguard).
Tags nginx kubernetes containers devops infosec
-
MySQL 8: Password verification policy
Posted on April 28, 2022, Level intermediate Resource Length medium
The article discusses the password verification-required policy introduced in MySQL 8.0.13. With this feature, it is possible to require that attempts to change an account password be verified by specifying the existing current password to be replaced. By Brian Sumpter.
Tags sql database cio infosec devops
-
How to automate security metrics without upsetting your colleagues
Posted on April 12, 2022, Level beginner Resource Length short
The need for greater automation in security metrics and measurement is clear to most people in our industry. Security teams have the luxury of access to an enormous amount of security data, giving insight into every aspect of their environments. By Nik Whitfield.
Tags infosec management miscellaneous cio analytics
-
Facelift Kurun for Kubernetes event tunneling
Posted on April 8, 2022, Level intermediate Resource Length medium
Kurun is a multi-tool to help Kubernetes developers. We can summarize one of its features in a short sentence: just like go run main.go but executed inside Kubernetes with one command. By Sándor Lovász.
Tags cio infosec kubernetes containers devops
-
A new security approach for the new age of multi-cloud
Posted on April 7, 2022, Level beginner Resource Length short
Most organizations today deploy web applications across multi-cloud and hybrid environments. However, existing models for application security are obsolete and no longer up to the task of providing high-grade, consistent, and frictionless application security across clouds. By Eyal Arazi.
Tags cio infosec cloud
-
Build a secure e-commerce app with SuperTokens and Hasura GraphQL
Posted on April 6, 2022, Level intermediate Resource Length long
This tutorial will show you how to develop a secure e-commerce store using SuperTokens authentication in a React.js app. We'll use a modern stack that includes React, Hasura GraphQL, and SuperTokens. By Ankur Tyagi.
Tags app-development infosec web-development nosql apis
-
Exploring Windows UAC bypasses: Techniques and detection strategies
Posted on February 9, 2022, Level beginner Resource Length long
Malware often requires full administrative privileges on a machine to perform more impactful actions such as adding an antivirus exclusion, encrypting secured files, or injecting code into interesting system processes. By @sbousseaden.
Tags cio infosec miscellaneous analytics
-
DevSecOps: Why you should care and how to get started
Posted on February 7, 2022, Level beginner Resource Length long
The increasing popularity of DevOps software development methodologies has led to shorter and more agile life cycles, in which software is released and deployed in minutes or hours rather than the days, weeks, or even months required under traditional practices. However, many development teams still experience delays in getting releases into production due to the security considerations that are traditionally brought to bear at the end of the life cycle. To address this, organizations are more and more frequently adopting a DevSecOps approach. By Katrina Novakovic, Chris Jenkins.
Tags devops cloud app-development infosec
-
Enabling transparent data encryption for Microsoft SQL with Vault
Posted on February 3, 2022, Level intermediate Resource Length medium
Learn how HashiCorp Vault can help secure data in Microsoft SQL Server using a defense-in-depth encryption strategy. By Narayan Iyengar.
Tags database infosec cloud azure
-
Securing IoT with Quantum Cryptography
Posted on January 25, 2022, Level intermediate Resource Length short
The Internet of Things (IoT) is a growing technology that continues to gain traction year after year. On the one hand, it can be helpful, but on the other hand, it carries many security threats. These threats include scalable remote attacks, side-channel attacks on cryptography, DDoS attacks, data breaches, malware, and others. By Roland Atoui.
Tags cloud cio infosec crypto iot
-
Privacy fines: GDPR sanctions in 2021 exceeded $1 billion
Posted on January 20, 2022, Level beginner Resource Length medium
Privacy regulators in Europe last year imposed known fines totaling more than 1 billion euros ($1.2 billion) under the EU's General Data Protection Regulation, bolstered in part by two record-breaking sanctions, according to the law firm DLA Piper. But the approach to sanctions varies widely across the 31 countries complying with the privacy law. By Mathew J. Schwartz.
Tags infosec cio management web-development browsers miscellaneous analytics
-
What identity management teaches CSOs/CDOs about data-centric security
Posted on January 19, 2022, Level beginner Resource Length medium
At the turn of the 21st century, the identity management discipline within IT Security was born of necessity. Advancements in computer technology meant that every area, function, and discipline within organizations was turning to automation to gain a competitive advantage. A computer was placed on every desk, and servers, mini-computers, and mainframes were being deployed to automate every area of the business. By Chris Olive.
Tags big-data data-science infosec software-architecture cio how-to