To the Left: Your Guide to Infrastructure as Code for Shifting Left

It's the cloud's world now, and we're all just living in it. The mass migration of organizational infrastructure to the cloud isn't slowing down any time soon — and really, why would it? Cloud computing has allowed developers to move at vastly greater speeds than ever before. And this in turn let...

Securing AWS Infrastructure with Trend Micro Workshop

In this workshop, you’ll learn how to leverage infrastructure as code IaC and Security to automate your cloud security efforts. If you’re interested in making cloud security more efficient, automated, proactive, and accessible, this workshop is for you!...

Security Resources Now on AWS CloudFormation Templates

Trend Micro is helping customers natively deploy Infrastructure as Code IaC resources for security the same way as cloud native infrastructure in collaboration with AWS CloudFormation...

Cross-site Scripting in Jenkins Dashboard View Plugin

Jenkins Dashboard View Plugin prior to 2.16 and 2.12.1 does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission. As part of this fix, the property for image URLs was changed fr...

Bridgecrew Checkov 代码问题漏洞

Bridgecrew Checkov is an open source application. Static code analysis tool for infrastructure-as-code. Bridgecrew Checkov suffers from a code issue vulnerability that stems from insecure input validation when processing serialized data, which could allow a remote user to pass specially designed...

Creating coefficiency: DevOps, Security, and Compliance

Secure IaC Infrastructure-as-code IaC is a powerful partnership accelerator. As businesses and organizations scale into the cloud to realize its full production-enablement potential, security often struggles to keep up. The ultimate goal on the security horizon is, of course, to prevent risks and...

How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs

Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ formerly CBS All Access streaming platform. Delivering digital content to millions of users on a daily basis doesn’t happen on its own—it makes it to...

A Quick Look Into Cloud Workload Protection Platforms (CWPPs)

The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...

What's New in DivvyCloud by Rapid7: February 2021 Feature Releases

February was another busy month. Internally, as we work to improve our processes, we are still committed to maintaining our frequent release cadence. Our releases, both minor and major, ensure that customers have access to valuable improvements, features, expanded support capabilities, and bug...

Cloud is King: 9 Software Security Trends to Watch in 2021

IT security professionals have largely spent the year managing a once-in-a-generation workforce shift from office to home in 2020. With the initial push over, experts predict that 2021 will be focused on shoring up the cloud and re-imagining organizational workflows under this new normal. Softwar...

Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan Documentation: https://docs.accurics.com Discuss: https://community.accurics.com Features 500+ Policies for...

PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple...

Principles of a Cloud Migration

Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. One of the main things they might use during this is “Infrastructure as Code,” where they are creating cloud resources for running their...

The Evolution of DevSecOps

The DevOps methodology offers organizations of all sizes from across all industries a framework for delivering value and responsiveness. Instead of traditional distinct development and operations teams, DevOps embraces multidisciplinary teams that use efficient practices that support continuous...

DNS as Code

Infrastructure as Code IaC and Continuous Delivery methods have become increasingly popular amongst development and operations teams as a means of maintaining high-performing websites...

DNS as Code

Infrastructure as Code IaC and Continuous Delivery methods have become increasingly popular amongst development and operations teams as a means of maintaining high-performing websites. Code repositories, build servers, and configuration management systems are now industry standards, as these tool...

trivy-action

Trivy Action GitHub Actionhttps://github.com/features/ac...

Integrate Security Into DevOps and IaC

This article provides recommendations on implementing security into your CI/CD and infrastructure as code pipeline, and most importantly, how to enable both security and DevOps to start speaking each other’s languages...

Principles of a Cloud Migration – Security W5H – The WHERE

“Wherever I go, there I am” -Security I recently had a discussion with a large organization that had a few workloads in multiple clouds while assembling a cloud security focused team to build out their security policy moving forward. It’s one of my favorite conversations to have since I’m not jus...

Podcast: Shifting Cloud Security Left With Infrastructure-as-Code

Companies are increasingly dealing with a slew of security and compliance issues across cloud services and containers – from AWS to Azure to Google Cloud. Infrastructure-as-Code IaC security capabilities can help companies shift their cloud security “left” to improve developer productivity, avoid...