Docker security is an ever-evolving area to keep up with, since this part of the technology changes at a fast pace. We will cover a few basic topics you should be aware of from a technical standpoint.
There are a lot of articles on this topic; the best-known front-runners in this space are companies like Snyk and Sysdig.
Snyk's top 10 Docker security best practices are publicly available; for Sysdig's you have to fill out a form and download the whitepaper.
Docker containers are, by default, quite secure; especially if you run your processes as non-privileged users inside the…
Kubernetes, also known as K8s, is "an open-source system for automating deployment, scaling, and management of containerized applications", according to kubernetes.io. Let's look closer under the hood at what it actually is, technically :)
To launch a single-node Kubernetes cluster we will use Minikube (https://github.com/kubernetes/minikube), a tool that makes it easy to run Kubernetes locally. Minikube runs a single-node Kubernetes cluster inside a VM on your laptop, for users looking to try out Kubernetes or develop with it on a daily basis.
What is Siemplify?
Siemplify is a SOAR platform company and Check Point's strategic partner in the SOAR space. Siemplify was born out of the need for a better, simpler, more effective way to manage security operations. It is built by security operations experts who spent years honing their skills on the front lines of Israeli cyber intelligence agencies. Siemplify is not a SIEM but rather an automation platform that uses playbooks and case management.
What is Security Automation?
Security automation is used to address security operations tasks without human intervention and is an important component of security orchestration.
When automation is…
About three years ago the research firm Gartner coined the term WAAP, which stands for Web Application and API Protection: a mouthful compared to what the industry used to just call a WAF.
Many solutions offer WAAP as SaaS, as PaaS or as software. This article highlights and discusses why anyone would need a WAAP.
Let’s talk about Recon briefly.
Recon is mainly about the following items:
What began as a banking trojan and descendant of Dyre malware, TrickBot now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk and Conti.
In early 2019, the FBI began to observe new TrickBot modules named Anchor, which cyber actors typically used in attacks targeting high-profile victims — such as large corporations. These attacks often involved data exfiltration from networks and point-of-sale devices. …
Before we dive into this topic, let’s first briefly cover types of cyber threats these technologies can detect and prevent.
What is zero-day malware? Here it means an unknown malware sample: one whose file hash (MD5 or otherwise) is not yet known to any traditional, signature-based anti-malware product.
You can upload any unknown variant to www.virustotal.com to get a verdict and validate whether it is indeed unknown to a list of traditional signature-based engines. VirusTotal runs the sample through all of those engines from one unified page and also exposes the scan via an API (note that anything you upload is shared with the participating vendors).
Here is a library of unknown malware samples: https://github.com/mstfknn/malware-sample-library
You can change the hash of the known variant with https://github.com/ewwink/MD5-Hash-Changer
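The following Python is an added example, not code from the original post or from either of the linked repositories. It shows why an exact-hash verdict is trivial to evade: a constructed byte string stands in for a malware sample, appending bytes changes every full-file digest, and a toy content normalisation (stripping trailing NUL padding) shows both why normalising beats raw hashing and where it stops helping. All names, the sample bytes and the "databases" are constructed for this example.

```python
# Added example (not from the original post): why an exact-hash verdict is
# trivial to evade. A constructed byte string stands in for a malware sample;
# no real sample is needed to see the effect.
import hashlib

# Constructed stand-in for a "known" sample. A real signature database would
# hold digests of actual files, not of this string.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 60 + b"payload-body"


def md5_hex(data: bytes) -> str:
    """Full-file MD5, the identifier traditional signature lookups key on."""
    return hashlib.md5(data).hexdigest()


def normalized_md5(data: bytes) -> str:
    """MD5 after stripping trailing NUL padding: a toy 'content normalisation',
    used only to show why normalising beats raw full-file hashing."""
    return hashlib.md5(data.rstrip(b"\x00")).hexdigest()


# Two signature databases built from the same known sample.
EXACT_DB = {md5_hex(KNOWN_SAMPLE)}
NORMALIZED_DB = {normalized_md5(KNOWN_SAMPLE)}


def exact_hash_verdict(data: bytes) -> str:
    """Traditional lookup: 'known' only if the full-file MD5 matches exactly."""
    return "known" if md5_hex(data) in EXACT_DB else "unknown"


def normalized_verdict(data: bytes) -> str:
    """Same lookup, keyed on the normalised digest instead."""
    return "known" if normalized_md5(data) in NORMALIZED_DB else "unknown"


def append_junk(data: bytes, junk: bytes = b"\x00" * 16) -> bytes:
    """Append bytes after the real content. Many file formats (PE included)
    ignore trailing data, so the file still runs but every full-file hash changes."""
    return data + junk


if __name__ == "__main__":
    variant = append_junk(KNOWN_SAMPLE)
    print("original :", md5_hex(KNOWN_SAMPLE), exact_hash_verdict(KNOWN_SAMPLE))
    print("variant  :", md5_hex(variant), exact_hash_verdict(variant))
    print("normalised verdict on NUL-padded variant:", normalized_verdict(variant))
    # Non-NUL junk defeats the toy normalisation too. This is why real engines
    # rely on section/import hashes, fuzzy hashes and behaviour, not whole-file digests.
    print("normalised verdict on non-NUL junk:", normalized_verdict(append_junk(KNOWN_SAMPLE, b"\x01")))
```

The last line of the script is the important one: any single changed byte that the file format tolerates yields a "new" sample to an exact-match engine, which is exactly the gap the zero-day testing described above is probing.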
Now, let’s talk about…
What is Postman? It is an API client and collaboration tool. Postman lets you build, test and document most APIs quickly and easily: it keeps your sample requests, headers, generated code snippets and so on together, and you can share a collection with the rest of your team when working on a project.
What is the Check Point API and why use it? Check Point (https://www.checkpoint.com) is a security gateway vendor. Its Management Web API is available for automating tasks and functions in large-scale deployments, among other things. …
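As an added example (not Check Point's or Postman's own code), the Python below walks the session flow a Postman collection against the Check Point Management API would follow: POST to /web_api/login with user and password, receive a session id, send it back as the X-chkp-sid header on every later command, and POST to /web_api/logout at the end. The endpoint paths and the header name are the documented ones; the management host name, credentials, the show-hosts payload and the FakeTransport used to run the flow offline are placeholders constructed for this example.

```python
# Added example (not Check Point's or Postman's own code): the login / call /
# logout session flow of the Check Point Management Web API. The HTTP transport
# is injectable so the flow can be exercised offline with FakeTransport.
import json
import ssl
import urllib.request


def http_post(url: str, headers: dict, body: dict) -> dict:
    """Real transport: POST a JSON body and return the parsed JSON reply.
    Certificate validation stays on; if the management server uses a
    self-signed certificate, add it to the trust store rather than
    disabling verification."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST"
    )
    with urllib.request.urlopen(req, context=ssl.create_default_context(), timeout=30) as resp:
        return json.loads(resp.read())


class CheckPointSession:
    """Minimal session wrapper: login once, reuse the sid, always logout."""

    def __init__(self, mgmt_host: str, post=http_post):
        self.base = f"https://{mgmt_host}/web_api/"   # documented API base path
        self._post = post        # injectable transport (FakeTransport for offline runs)
        self.sid = None

    def _call(self, command: str, payload: dict) -> dict:
        headers = {"Content-Type": "application/json"}
        if self.sid:
            headers["X-chkp-sid"] = self.sid   # session token replaces the credentials
        return self._post(self.base + command, headers, payload)

    def login(self, user: str, password: str) -> str:
        reply = self._call("login", {"user": user, "password": password})
        self.sid = reply["sid"]
        return self.sid

    def call(self, command: str, payload=None) -> dict:
        if not self.sid:
            raise RuntimeError("login() first; every command after login needs X-chkp-sid")
        return self._call(command, payload or {})

    def logout(self) -> dict:
        reply = self.call("logout")
        self.sid = None          # the server invalidates the sid; forget it locally too
        return reply


class FakeTransport:
    """Constructed stand-in for the management server (offline runs and tests)."""

    def __init__(self):
        self.calls = []          # (url, headers, body) of every request, for inspection

    def __call__(self, url, headers, body):
        self.calls.append((url, headers, body))
        command = url.rsplit("/", 1)[1]
        if command == "login":
            return {"sid": "sid-constructed-0001"}
        if headers.get("X-chkp-sid") != "sid-constructed-0001":
            return {"message": "constructed error: missing or invalid session"}
        if command == "show-hosts":
            return {"total": 1, "objects": [{"name": "web-01", "ipv4-address": "10.0.0.5"}]}
        if command == "logout":
            return {"message": "OK"}
        return {"message": "constructed error: unknown command"}


def host_names(session: CheckPointSession, limit: int = 50) -> list:
    """List host object names via show-hosts (the API pages results by limit/offset)."""
    reply = session.call("show-hosts", {"limit": limit, "offset": 0})
    return [obj["name"] for obj in reply.get("objects", [])]


if __name__ == "__main__":
    s = CheckPointSession("mgmt.example.invalid", post=FakeTransport())
    s.login("api_user", "placeholder-password")
    print(host_names(s))
    print(s.logout())
```

Pass `post=http_post` (the default) and a real host to run it against a management server; keep the password out of logs and environment dumps, and always call `logout()` so the session does not linger on the server.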
From a security perspective it is very important to be aware that running containers and applications with Docker implies running the Docker daemon. Rootless mode, which runs the daemon without root privileges, was still experimental at the time of writing (it graduated from experimental in Docker 20.10).
In current versions the daemon binds by default to a UNIX socket rather than a TCP port. That socket is owned by “root”, so other users can only reach it via “sudo”, and the daemon itself always runs as the “root” user.
If you want to run “docker” without “sudo” (bearing in mind that anyone who can talk to that socket is root-equivalent on the host), create a group called “docker” and add users to…
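The Python below is an added example, not code from the original post, covering both Docker points above: the earlier advice to run processes as non-privileged users inside the container, and the daemon socket as the root-equivalent boundary on the host. It performs two offline checks, the user an image's last USER instruction leaves it running as, and who can write to the daemon socket given its permission bits and owner/group; `audit_live_socket` runs the second check against the real socket when one exists. The sample Dockerfiles and the socket path default are constructed for this example, and the Dockerfile check assumes base images that run as root (true for the official alpine/debian/ubuntu images).

```python
# Added example (not from the original post): two offline checks for the two
# trust boundaries discussed above, (1) whether an image's final USER drops
# root and (2) who can write to the daemon socket and is therefore
# root-equivalent on the host. Sample Dockerfiles below are constructed.
import grp
import os
import pwd
import stat


def final_user(dockerfile: str) -> str:
    """Return the user the image will run as: the last USER instruction of the
    last stage. Assumes the base image runs as root, so each FROM resets it."""
    user = "root"
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        inst = parts[0].upper()
        if inst == "FROM":
            user = "root"                    # new stage starts over
        elif inst == "USER" and len(parts) == 2:
            user = parts[1].strip()          # 'name', 'uid', 'name:group' or 'uid:gid'
    return user


def runs_as_root(user: str) -> bool:
    """True when the user part of a USER value is root or uid 0."""
    return user.split(":", 1)[0] in ("root", "0")


def socket_exposure(mode: int, owner: str, group: str) -> str:
    """Classify who can write to the daemon socket from its permission bits
    (stat.S_IMODE(st_mode)) and owner/group names. Writing to the socket means
    issuing arbitrary daemon commands, i.e. root on the host."""
    if mode & stat.S_IWOTH:
        return "any local user"
    if mode & stat.S_IWGRP and group != "root":
        return f"members of group {group}"
    return f"only {owner}"


def audit_live_socket(path: str = "/var/run/docker.sock") -> str:
    """Run the classification against the real socket on this host (default
    path assumed; use DOCKER_HOST's path if the daemon is configured differently)."""
    st = os.stat(path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    return socket_exposure(stat.S_IMODE(st.st_mode), owner, group)


# Constructed sample Dockerfiles: runs as root, drops to a service user,
# and a multi-stage build where only the build stage dropped privileges.
ROOT_DOCKERFILE = 'FROM python:3.12-slim\nCOPY . /app\nCMD ["python", "/app/main.py"]\n'
NONROOT_DOCKERFILE = """FROM python:3.12-slim
RUN useradd -r -u 10001 app
COPY --chown=app:app . /app
USER app
CMD ["python", "/app/main.py"]
"""
MULTISTAGE_DOCKERFILE = """FROM golang:1.22 AS build
USER nobody
FROM alpine:3.19
COPY --from=build /src/bin /bin/app
CMD ["/bin/app"]
"""

if __name__ == "__main__":
    for name, text in [("root", ROOT_DOCKERFILE), ("nonroot", NONROOT_DOCKERFILE),
                       ("multistage", MULTISTAGE_DOCKERFILE)]:
        u = final_user(text)
        print(f"{name}: USER={u} root={runs_as_root(u)}")
    print("default docker group setup:", socket_exposure(0o660, "root", "docker"))
    try:
        print("this host:", audit_live_socket())
    except (FileNotFoundError, PermissionError) as exc:
        print("no live socket to audit:", exc)
```

The multi-stage sample is the case people miss: a USER in the build stage does nothing for the final image, which starts again from its own FROM. On the host side, the default `root:docker 660` on the socket is exactly what the docker-group setup above produces, and the classification names that group as root-equivalent rather than hiding it behind "not world-writable".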
Cloud computing has been transforming every aspect of business, especially now that companies can handle pretty much every part of their business virtually: you no longer need your own server racks or data centers.
There are three key drivers for companies to move to the cloud:
Mobility = access to data from anywhere
Agility = moving data closer to where it is needed, with easy access to it
Disaster Recovery = workloads are deployed and replicated across different physical data centers and different geographies, accessible from anywhere
Let's take a look at the key differences between these two key pieces…
Cloud Security, Automation, DevOps, AWS, Azure, GCP