Tag: Infosec
-
How to foster a security culture
Posted on June 15, 2023, Level beginner Resource Length medium
Government IT teams can help make information security a shared responsibility through education and preparedness exercises and by leveraging technology. By Joel Snyder.
Tags infosec cio teams management
-
How DevSecOps teams should approach API security
Posted on June 13, 2023, Level intermediate Resource Length medium
A recommended setup that addresses the unique concerns of developers, security and DevOps teams. It is common for these roles to lack a unified vision on how they approach API security. Therefore, in this post, I will provide a recommended API security setup that benefits all parties involved. By Gary Archer.
Tags apis cloud devops web-development infosec
-
How to keep docker secrets secure: Complete guide
Posted on May 29, 2023, Level intermediate Resource Length medium
Secret values such as API keys, passwords, and certificates need to be safely handled throughout the software development process and your app's runtime. Exposure of secrets can be catastrophic, as unauthorized actors could use the credentials to perform privileged interactions with your services. By James Walker.
Tags docker infosec cloud containers devops
-
Achieving unbrickable remote firmware updates on MCUs with a Microvisor architecture
Posted on May 16, 2023, Level intermediate Resource Length medium
For many years, microcontrollers have been a staple in various products, continuously revolutionizing their feature sets, reliability, and performance. Moore's Law has brought 16- and 32-bit processing to even the smallest and most affordable consumer products. The presence of larger memory and CPU power has allowed the use of real-time operating systems (RTOS) where previously developers had to rely on "bare metal" coding. However, as products have evolved to become connected devices in the context of IoT, it has revealed fundamental shortcomings in the traditional methods of software development for microcontrollers. By Jonathan Williams.
Tags big-data iot streaming robotics cloud infosec
-
How to enable HSTS for enhanced web security in Apache
Posted on May 13, 2023, Level intermediate Resource Length medium
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections, and never via the insecure HTTP protocol. This article will guide you on how to implement and optimize HSTS in Apache for improved web security. By Rahul.
Tags app-development infosec web-development apache ssl
-
From 'Likes' to 'Rewards': How web3 is disrupting traditional social media model
Posted on May 12, 2023, Level beginner Resource Length medium
Over the past decade, social media platforms have revolutionized social interactions for people looking to connect with friends, family, and like-minded individuals and communities. Since the dawn of MySpace and Facebook, social media has provided us with an unprecedented level of connectivity and has opened up a world of opportunities for businesses to connect with their customers. However, with the rise of Web3, traditional social media platforms are being forced to rethink their models in order to stay relevant in a rapidly evolving digital landscape. By chain.com.
Tags web-development infosec blockchain management miscellaneous cio
-
Dissecting Npm malware: Five packages and their evil install scripts
Posted on May 11, 2023, Level intermediate Resource Length medium
Packages published on npm can declare pre and post-install hooks, which are scripts that run, well, pre or post-install. That is to say, when the npm CLI installs a package, it also runs those scripts on your machine. By Gabi Dobocan.
Tags app-development infosec web-development nodejs javascript
-
How to add a Software Bill of Materials (SBOM) to your containers with GitHub Actions
Posted on May 9, 2023, Level intermediate Resource Length medium
Learn how to add a Software Bill of Materials (SBOM) to your containers with GitHub Actions in a few easy steps. An SBOM is an inventory of the components that make up a software application. It is a list of the components that make up a software application including the version of each component. The version is important because it can be cross-referenced with a vulnerability database to determine if the component has any known vulnerabilities. By Alex Ellis.
Tags cicd containers docker infosec
-
How to use Ansible to create reports with Lynis, automate audits, and evaluate the security of your systems
Posted on April 29, 2023, Level intermediate Resource Length medium
From the server administrators of highly technological organizations, to product managers of financial institutions, down to the one-man startups that just want to secure their shopping cart, the same question pops up: "If TLS/SSL certificates all do the same thing, what type should we get?" By Digicert.
Tags ansible servers linux infosec
-
How to choose the right type of TLS/SSL certificate
Posted on April 28, 2023, Level beginner Resource Length medium
From the server administrators of highly technological organizations, to product managers of financial institutions, down to the one-man startups that just want to secure their shopping cart, the same question pops up: "If TLS/SSL certificates all do the same thing, what type should we get?" By Digicert.
Tags ssl servers cio learning infosec app-development
-
Cilium Mesh – One mesh to connect them all
Posted on April 23, 2023, Level beginner Resource Length medium
Cilium has rapidly become the standard in Kubernetes networking thanks to its advanced security, performance, and exceptional scalability. With the increase in the adoption of Cilium, more and more customers have requested to bring Cilium to the world of virtual machines and servers. By Thomas Graf.
Tags app-development devops kubernetes containers infosec
-
How to connect to MySQL remotely with SSH PuTTY Tunnels: A step-by-step guide
Posted on April 6, 2023, Level beginner Resource Length long
MySQL is a popular relational database management system to organize and store data. Depending on your specific use cases and preferences, you can connect to a MySQL Server through a command-line interface, using GUI tools, such as dbForge Studio for MySQL, programming languages or via web-based interfaces such as phpMyAdmin. By Julia Evans.
Tags infosec cloud devops database servers