Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Our diverse global Snykers are united by our core values. In addition to building a strong business, we also collectively lead with passion and empathy for each other, our customers, the communities where we live and work, and our planet as a whole. To paraphrase Dr. King, we believe that a threat to freedom or justice anywhere threatens these innate rights everywhere. Today, as the Ukrainian people are being affected directly, we are all affected indirectly.

Our previous blog post on authentication security covered six most common authentication vulnerabilities. In this post, we will discuss a few best practices that help avoid authentication vulnerabilities and defeat specific attack vectors. Below are the six best practices to secure the authentication process.

In cloud native computing (Kubernetes in our case), there is a requirement to automatically scale the compute resources used for performing a task. The autoscaling cloud computer strategy allows to dynamically adjust the active number of application servers and allocated resources instead of responding manually in real-time to traffic surges that necessitate more resources and instances.

Software supply chain risks are escalating. Between 2020 and 2021, bad actors launched nearly 7,000 software supply chain attacks, representing an increase of more than 600%. Without identifying and managing security risks within the supply chain, you could be exposing your critical assets to attacks. Implementing a supply chain risk management strategy is essential to staying ahead of the potential threats and making the most of your software.

As technology folks, we are often under a lot of pressure to fix some deployed code, update an infrastructure component, or patch some code. Often it’s with little notice and needs to be done 5 minutes ago. The gamble with any “zero turnaround” is the rush to fix now vs. taking the time to test and check.

Continuing with our security-first approach to Kubernetes data protection, in addition to Kubernetes Security Posture Reviews to scan your environment for vulnerabilities and misconfigurations, CloudCasa also added Cloud Security Posture Management for Amazon Web Services (AWS). Most attacks on cloud are the result of misconfigurations and mistakes, per industry analyst, Gartner. The research firm went on to forecast that through 2025, 99% of such attacks would be the customer’s fault.

Here’s the story of how a regular project management task resulted in me opening a pull request to an open source repository on GitHub. As a new member of Snyk’s Marketing team, I was recently involved in the preparation for The Big Fix, an event that brings together developers, DevOps, and security practitioners of all skill levels to help make the internet more secure by fixing vulnerabilities while having fun and being rewarded with swag.

Snyk is proud to launch a new Global Service Provider program designed to give leading solution providers the resources they need to bring our developer-first tools and methodologies into their services and support customers on their DevSecOps journey. We designed this program to support our service delivery partners in building services around Snyk, whether for outsourced application development, helping customers achieve their DevSecOps goals, or supporting their cloud native journey.

The simplest way to manage and organize your Go dependencies is with a Go Repository. You need reliable, secure, consistent and efficient access to your dependencies that are shared across your team, in a central location. Including a place to set up multiple registries, that work transparently with the Go client. With the JFrog free cloud subscription, including JFrog Artifactory, Xray and Pipelines, you can set up a free local, remote and virtual Go Registry in minutes.

One of the most exciting things about working at Teleport is getting to see how our infrastructure access solutions enable customers to grow their business. Since software has eaten the world, solutions like Teleport that enable developers to become more productive are essential to fast- growing companies. You simply can’t create a hyper growth business today without a strong software development muscle.