Whether it's password or passwordless authentication, multi-factor authentication, or any of the other identity verification shenanigans, in the end, our identity is deduced to a single session cookie! We can't deny the security importance of session cookies in web application access control.
The adoption of Kubernetes and its ecosystem has continued its rapid growth, with over 5.1 million developers worldwide now using Kubernetes. Developers are adopting and utilizing Kubernetes to manage containerized workloads and services. Kubernetes has many benefits for organizations and developers including auto scaling, automated deployment and rollback, self-healing, loading balancing and application centricity.
Testing the relatively new function mocking feature of OPA revealed a vulnerability in the Go API, where the use of the WithUnsafeBuiltins function on the compiler object — a deprecated legacy function used to declare a set of function names as unsafe, and as such rejected in the policy compilation stage — could be bypassed by mocking a function, effectively replacing it with one of the functions deemed unsafe.
Jeff Martin, vice president of product for Mend, was recently interviewed by Michael Vizard from the Techstrong Group. In a fascinating conversation on application security debt, the two shed a spotlight on the insufficiencies of the current security stance of many companies and the budgetary pressures that might be influencing them.
