Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



Top Five Reasons To Use CloudCasa With Azure

CloudCasa by Catalogic announced its integration with Azure Kubernetes Service (AKS) at KubeCon in Valencia, and it has so far received positive feedback from customers. In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Sathya Sankaran, Founder and General Manager, CloudCasa by Catalogic, and Sebastian Głąb, CloudCasa Architect, as they give a demo and explain the key reasons to use CloudCasa to protect AKS applications.


The Critical Element Companies Are Missing in Digital Transformation Journeys

Digital transformation is no longer the exclusive domain of forward-thinking companies on the leading edge of technological advancement. It has become a cost of entry into competitive business. Digital transformation was already accelerating into the mainstream prior to the pandemic, but the jarring shift to remote and hybrid work put fuel in the proverbial jetpacks.


Organizations Want to Adopt DevSecOps. What's Getting in Their Way?

Security leaders are eager to move to a DevSecOps approach—and why wouldn’t they be? DevSecOps has been emerging as a key component in organizations’ efforts to build strong security into all the software products they deliver. The adoption and implementation of the DevSecOps methodology involves multiple facets of organizations and brings together security and development professionals in a collaborative mission to deliver products that are both high in quality and secure.

Stranger Danger: Your Java Attack Surface Just Got Bigger

Building Java applications today means going a step beyond writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibilities have broadened, and more software means more software security concerns for us to address.

Meet the Best Hackers: Shuchita Mishra and Parth Shukla | SnykWeek Boston

During SnykWeek Boston, Shuchita Mishra and Parth Shukla were crowned the best hackers by fixing the most vulnerabilities during our fix challenge. Check out our interview with them to learn about their passion for developer security and what they loved most about Snyk.

How to Connect to Microsoft SQL Server Remotely Using Teleport

Support for Microsoft SQL Server was added in our Teleport 9 release, along with support for Redis and MariaDB. In this post, we'll specifically be looking at Microsoft SQL Server and will cover how to connect to it remotely using Teleport. Before we get into the steps of accessing SQL Server with Teleport, let's briefly go over a few recommended security postures with SQL Server and how Teleport actually helps to implement them.


Container Image Scanning for Azure Pipelines with Sysdig

Scanning a container image for vulnerabilities or bad practices in your Azure Pipelines using Sysdig Secure is a straightforward process. This article demonstrates a step-by-step example of how to do it. The following proof of concept showcases how to leverage the sysdig-cli-scanner in Azure Pipelines. Although possible, it is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.


Dynamic SBOM = SBOM + VEX

In recent months there has been a lot of discussion around the importance of Software Bills of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) when it comes to managing software vulnerabilities. Organizations can combine the SBOM and VEX to get a more contextualized view of the actual risk present in their environment. In this blog post, we examine how SBOMs and VEX do not need to be two artifacts.


CVE-2022-3172 - kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties. The aggregated API server extension in the Kubernetes API server enables users to extend the API server with alternative objects and paths.