Infosecurity Europe Preview: Shifting Left – Integrated Container Security and DevSecOps

There is little doubt that DevOps philosophies have been taking over in many different types of organizations, providing the advantages of faster time to market as well as greater flexibility and resiliency. You’ve probably heard about shifting security to the left or of the need to inject security into each ... Read More

Study: DevOps Servers In The Wild Highlight Infrastructure Security Needs

A mature DevOps practice involves applying multiple tools at different steps of the delivery pipeline, and a new study from IntSights focuses on these tools that may be open to attack on the Internet. Each new tool added to your process can expand your attack surface area – and, in ... Read More

DevSecOps Survey Reveals Heightened Interest In Automated Security

The 5th annual DevSecOps community survey for 2018 from Sonatype reveals heightened interest in DevSecOps practices after the recent surge of high-profile breaches, and highlights security integration statistics among teams with mature DevSecOps workflows. In this blog post, we’ll discuss some of the important findings from the ... Read More

Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager

Data breaches are becoming increasingly common, and one factor driving this escalation is the fact that today’s IT systems are integrated and interconnected, requiring login information from multiple parties and services. In response, Amazon Web Services has newly launched the AWS Secrets Manager, a service designed to help organizations get ... Read More

A Google Cloud Platform Primer with Security Fundamentals

We’ve previously discussed best practices for securing Microsoft Azure and Amazon Web Services, but this time we are going to turn our attention to Google Cloud Platform. Google Cloud Platform (GCP) has captured 5 percent of the cloud market and is growing at an impressive 76 percent year over year, ... Read More

Intent Vs Reality: Obstacles Keeping the Sec out of DevOps

The DevOps culture and practice has been sweeping rapidly through the technical community. Combining “Development” and “Operations” roles with automation and monitoring leads to numerous benefits, including faster time to market, fewer failures caused by changes, and shorter downtimes when problems do occur—it’s no wonder DevOps is being widely embraced ... Read More

New Study Shows 20% of Public AWS S3 Buckets are Writable

Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations. HTTPCS scanned addresses looking for storage “buckets” ... Read More

Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings

Responding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high profile data breaches, including Verizon, The Pentagon, ... Read More

Don’t Get BuckHacked: What Are You Doing to Keep Your AWS S3 Data Private?

Leaky AWS S3 buckets have been spilling confidential information onto the public internet for years, and now anonymous hackers have created a search engine to make finding those exposed secrets even easier. New on the scene is “BuckHacker.” The name is a portmanteau, stemming from the fact that it allows ... Read More

Advanced Security in All Sorts of Places

There’s a growing trend spreading through many different organizations in which automated and advanced security features are being developed, capabilities which were previously in the realm of more traditional security vendors. There’s now more security in more places than ever before, with much of it owing to infrastructure and software-as-a-service ... Read More