Rapid7 and HashiCorp Partner to Secure Terraform-based Cloud Infrastructure Deployments

Welcome to the latest installment in our cloud security “shift-left” blog series. In our last post, we covered the importance of integrating cloud infrastructure security assessments into DevOps tools and enabling Infrastructure as Code IaC developers. This time, we’re focusing on Rapid7’s recent...

Now Available on GitHub: Akamai CLI Utility v1.0 for Akamai Terraform

With v0.9 of the Akamai CLI for Terraform, application development teams can build on infrastructure as code IaC and maintain rapid development without compromising security...

Top 5 Infrastructure as Code Security Challenges

Learn how to counteract the top five challenges of IaC and discover how these obstacles pose a threat to security and gain valuable insight in how to mitigate these risks...

Application Security in 2022: Where Are We Now?

It’s always a good thing to take a step back every once in a while to take the lay of the land. Like you, we are always working at a breakneck pace to help secure the web applications being built today and ready ourselves to secure the innovations of the future. When Forrester put out The State o...

Red Team lab automation

It’s not uncommon for red teamers to regularly tear down and rebuild their test labs, I know I do on a sometimes daily basis. It keeps things fresh and manageable, and now, using Infrastructure as Code IaC, we can create a consistent environment to test tools and techniques in. If we break...

Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages

Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, AWS SAM, Kubernetes, Dockerfile, Serverless or ARM Templates and detects securi ty and compliance misconfigurations using graph-based...

How to Get Started With Application Security

With a comprehensive security stack, Akamai’s application security solutions defend your entire ecosystem from threats. But before you can reap the benefits that come with application security, you need to create a configuration with Akamai’s APIs. Our Developer Advocacy team is here to walk you...

Azure network security helps reduce cost and risk according to Forrester TEI study

As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools ...

To the Left: Your Guide to Infrastructure as Code for Shifting Left

It's the cloud's world now, and we're all just living in it. The mass migration of organizational infrastructure to the cloud isn't slowing down any time soon — and really, why would it? Cloud computing has allowed developers to move at vastly greater speeds than ever before. And this in turn let...

Securing AWS Infrastructure with Trend Micro Workshop

In this workshop, you’ll learn how to leverage infrastructure as code IaC and Security to automate your cloud security efforts. If you’re interested in making cloud security more efficient, automated, proactive, and accessible, this workshop is for you!...

Security Resources Now on AWS CloudFormation Templates

Trend Micro is helping customers natively deploy Infrastructure as Code IaC resources for security the same way as cloud native infrastructure in collaboration with AWS CloudFormation...

Bridgecrew Checkov 代码问题漏洞

Bridgecrew Checkov is an open source application. Static code analysis tool for infrastructure-as-code. Bridgecrew Checkov suffers from a code issue vulnerability that stems from insecure input validation when processing serialized data, which could allow a remote user to pass specially designed...

Creating coefficiency: DevOps, Security, and Compliance

Secure IaC Infrastructure-as-code IaC is a powerful partnership accelerator. As businesses and organizations scale into the cloud to realize its full production-enablement potential, security often struggles to keep up. The ultimate goal on the security horizon is, of course, to prevent risks and...

How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs

Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ formerly CBS All Access streaming platform. Delivering digital content to millions of users on a daily basis doesn’t happen on its own—it makes it to...

A Quick Look Into Cloud Workload Protection Platforms (CWPPs)

The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...

What's New in DivvyCloud by Rapid7: February 2021 Feature Releases

February was another busy month. Internally, as we work to improve our processes, we are still committed to maintaining our frequent release cadence. Our releases, both minor and major, ensure that customers have access to valuable improvements, features, expanded support capabilities, and bug...

Cloud is King: 9 Software Security Trends to Watch in 2021

IT security professionals have largely spent the year managing a once-in-a-generation workforce shift from office to home in 2020. With the initial push over, experts predict that 2021 will be focused on shoring up the cloud and re-imagining organizational workflows under this new normal. Softwar...

Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan Documentation: https://docs.accurics.com Discuss: https://community.accurics.com Features 500+ Policies for...

PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple...

Principles of a Cloud Migration

Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. One of the main things they might use during this is “Infrastructure as Code,” where they are creating cloud resources for running their...