Auditing Amazon Machine Images with Tripwire For DevOps
Tripwire For DevOps continues to add new features and capabilities. The newest of these is the ability to perform vulnerability scans against Amazon Machine Images (AMIs) in the same Tripwire For DevOps workflow used for your Docker containers. This blog will discuss the creation of AMIs and how to audit ... Read More
Tripwire For DevOps External Registry And Alert Capability
Although many organizations are shifting security to the left and embracing the integration of security tools into their continuous integration / continuous delivery pipelines, there are others who have different wants and needs. Private Registries One popular use case for Tripwire for DevOps is the scanning of private customer registries ... Read More
Infosecurity Europe Preview: Shifting Left – Integrated Container Security and DevSecOps
There is little doubt that DevOps philosophies have been taking over in many different types of organizations, providing the advantages of faster time to market as well as greater flexibility and resiliency. You’ve probably heard about shifting security to the left or of the need to inject security into each ... Read More
Study: DevOps Servers In The Wild Highlight Infrastructure Security Needs
A mature DevOps practice involves applying multiple tools at different steps of the delivery pipeline, and a new study from IntSights focuses on these tools that may be open to attack on the Internet. Each new tool added to your process can expand your attack surface area – and, in ... Read More
DevSecOps Survey Reveals Heightened Interest In Automated Security
The 5th annual DevSecOps community survey for 2018 from Sonatype reveals heightened interest in DevSecOps practices after the recent surge of high profile breaches as well as highlights security integration statistics among teams with mature DevSecOps workflows. In this blog post, we’ll discuss some of the important findings from the ... Read More
Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager
Data breaches are becoming increasingly common, and one factor driving this escalation is the fact that today’s IT systems are integrated and interconnected, requiring login information from multiple parties and services. In response, Amazon Web Services has newly launched the AWS Secrets Manager, a service designed to help organizations get a ... Read More
A Google Cloud Platform Primer with Security Fundamentals
We’ve previously discussed best practices for securing Microsoft Azure and Amazon Web Services but, this time, we are going to turn our attention to Google Cloud Platform. Google Cloud Platform (GCP) is growing at an impressive 83 percent year over year but generally receives less focus than AWS and Azure. We can use some of our best practice cloud security ... Read More
Intent Vs Reality: Obstacles Keeping the Sec out of DevOps
The DevOps culture and practice has been sweeping rapidly through the technical community. Combining “Development” and “Operations” roles with automation and monitoring leads to numerous benefits, including faster time to market, fewer failures caused by changes, and shorter downtimes when problems do occur—it’s no wonder DevOps is being widely embraced ... Read More
New Study Shows 20% of Public AWS S3 Buckets are Writable
Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations. HTTPCS scanned s3.amazonaws.com addresses looking for storage “buckets” ... Read More
