In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.
COVID-19 has not only changed the way we live but also forced many changes to standard business processes. This article will explore some challenges around human resource (HR) hiring, offboarding and contracting activities. As companies in multiple jurisdictions continue to look for advice from state and federal authorities on COVID-19 safe work plans, this article offers some security considerations from a physical security as well as cyber security perspective.
The hybrid workforce is here to stay. With that in mind, you should start putting more robust cybersecurity controls in place to mitigate risk. Virtual private networks (VPNs) help secure data, but they are also challenging to bring into your log monitoring and management strategy. VPN and firewall log management gives real-time visibility into security risks. Many VPN and firewall log monitoring problems are similar to log management in general.
Securely running workloads in Kubernetes can be difficult. Many different settings impact security throughout the Kubernetes API, requiring significant knowledge to implement correctly. One of the most powerful tools Kubernetes provides in this area are the securityContext settings that every Pod and Container manifest can leverage. In this cheatsheet, we will take a look at the various securityContext settings, explore what they mean and how you should use them.
Broken Access Control is #5 in the current OWASP Top Ten Most Critical Web Application Security Risks. It should be viewed in conjunction with Broken Authentication, currently the #2 risk.
Traditional security programs were predicated on protecting the typically internally hosted technology infrastructure and the data within that environment. This led to an ecosystem composed of numerous discrete tools and processes all intended to detect adversaries and prevent harm. It included a multitude of controls spanning network and infrastructure security, application security, access control, and process controls.
Whether a seasoned professional or a fresh computer science grad, every developer has his or her stressful moments of trying to dig through scanning results to mitigate or remediate a vulnerability. Since you work at the speed of “I need this yesterday,” it’s a hassle to slow down and fix flaws or even stop to rewrite code entirely. Effective AppSec today is about executing essential application security (AppSec) tests as you’re writing code.
Veracode was recently named the winner of IT Central Station’s 2021 Peer Award for application security testing (AST). Winners were chosen based on reviews from verified customers to help prospective buyers make well-informed, smart business decisions. “Receiving positive feedback from our customers on the leading technology review site for cybersecurity, DevOps, and IT is a true testament to our products and services,” said Mark Bissell, Chief Customer Officer at Veracode.
