Five Easy Steps to Keep on Your Organization’s DevOps Security Checklist

by Tripwire Guest Authors on March 5, 2019

The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction”; it subsequently allows attackers to gain root-level code execution on the host.

Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a single, simple rule: lock the door. Studies have shown an increasing number of publicly accessible, containerized environments that require no credentials. That means anyone — maybe you, maybe me — could gain control and deploy the appropriate malicious container required to gain root-level access.

We know that speed (of delivery and deployment) is critical to success in the digital economy and that it often accounts for skipping security gates on the way to market. But sacrificing security for speed can easily turn that success into disaster.

Fortunately, there are a variety of simple steps you can take to help improve security without sacrificing speed. Here are five easy steps you should seriously consider to avoid becoming the next hashtag on Twitter.

  1. Localize components

Studies agree that 80-90% of your app is composed of third-party components. Too often these components are loaded at run-time from external sites and are excluded from your existing source code analysis scans. One of the ways in which the runc vulnerability could be exploited is by poisoning a container image that is subsequently pulled and used in an application. The same is true for UX components loaded from third-party sources. Whenever possible, host third-party components on your own site to reduce the risk of tampering. If you think this isn’t really a risk, may I suggest reading about the compromised ESLint packages discovered in 2018?
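An added example of finding the run-time third-party loads this step is about (my code, not from the Tripwire post): it lists script and stylesheet references whose host is not in an assumed set of org-owned hosts, and also notes whether a subresource `integrity` attribute is present, which goes a little beyond the post. The host names and the sample page are constructed.

```python
# Added example (not from the Tripwire post): audit an HTML page for UX components
# loaded at run-time from hosts other than your own, i.e. the third-party loads the
# checklist says to localize. FIRST_PARTY and the sample page are constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse

FIRST_PARTY = {"app.example.com", "static.example.com"}  # assumed org-owned hosts


class _ResourceCollector(HTMLParser):
    """Collect script/stylesheet references together with any integrity attribute."""
    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.resources.append(("script", a["src"], a.get("integrity")))
        elif tag == "link" and a.get("rel") == "stylesheet" and a.get("href"):
            self.resources.append(("stylesheet", a["href"], a.get("integrity")))


def audit_external_components(html, first_party=FIRST_PARTY):
    """Return externally hosted script/stylesheet loads as (kind, url, has_sri).
    Relative URLs and first-party hosts count as self-hosted and are skipped."""
    parser = _ResourceCollector()
    parser.feed(html)
    findings = []
    for kind, url, integrity in parser.resources:
        host = urlparse(url).netloc.lower()
        if not host or host in first_party:
            continue  # self-hosted: the state the checklist asks for
        findings.append((kind, url, integrity is not None))
    return findings


# Constructed sample page: one self-hosted script, one external stylesheet,
# one external script pinned with SRI (placeholder hash) and one without.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="https://cdn.example.net/lib/ui.css">
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib/widget.js"
        integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="//cdn.example.net/lib/analytics.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for kind, url, has_sri in audit_external_components(SAMPLE_PAGE):
        print(f"external {kind}: {url} ({'has SRI' if has_sri else 'NO SRI'})")
```

Every line the audit reports is a candidate for self-hosting; until that is done, the ones marked NO SRI are the loads that an upstream compromise would reach unnoticed.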

  2. Scan components

Third-party components can — and do — contain vulnerabilities. If it’s part of your app, it should (Read more...)

This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/devops/devops-security-checklist/

Tags: checklist, CI-CD, DevOps, vulnerability