Tag: Infosec
-
What Is CARTA? Continuous Adaptive Risk and Trust Assessment explained
Posted on December 13, 2022, Level beginner Resource Length short
Digital services made for consumers are opening up new opportunities and vulnerabilities. With more employees bringing unmanaged devices to the office, business networks can be accessed by many more people. Plus, remote work means that an organization's IT perimeter is no longer restricted within its walls. By Mihaela Marian.
Tags cio infosec miscellaneous management
-
Five ways to harden your Linux server with Ansible
Posted on December 7, 2022, Level beginner Resource Length medium
Automation allows you to apply compliance and security policies consistently across your servers, verify compliance, and remediate servers. By Ricardo Gerardi.
Tags linux cloud infosec devops
-
Don't know what to monitor? L.E.T.S. Start with 4 Metrics!
Posted on December 1, 2022, Level beginner Resource Length medium
"We paid for a bunch of tools but we don't know what we should be looking at. There are tons of charts that don't seem to mean anything!" Software monitoring, how does it work? By Jeremy Hicks.
Tags monitoring infosec cloud servers app-development serverless web-development
-
Microsoft says it's just too difficult to effectively disrupt ransomware
Posted on November 30, 2022, Level beginner Resource Length medium
The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy. By Connor Jones.
Tags cio infosec cloud miscellaneous
-
Implementing TLS in Java
Posted on November 29, 2022, Level intermediate Resource Length short
TLS, or transport layer security, is a protocol used across the globe to encrypt and secure communication over the internet. In this article, we'll discuss what TLS is, what benefits it provides, and why you need it. Then we'll walk through implementing TLS in Java. By Himanish Munjal.
Tags app-development java ssl infosec programming
-
NGINX ingress controller hardening guide
Posted on November 27, 2022, Level intermediate Resource Length short
This guide describes which of the configurations described in those guides are already implemented by default in the NGINX implementation of Kubernetes ingress. By @kubernetes.github.io.
Tags nginx infosec devops cloud distributed apis servers
-
NGINX WAF and Kubernetes WAF options (App Protect vs. open-appsec)
Posted on November 26, 2022, Level intermediate Resource Length short
Until 2022, NGINX supported the well-known ModSecurity open-source WAF solution and OWASP Core Rule Set signatures. However, following Trustwave's End-of-Life notice about ModSecurity, and possibly also related to the acquisition of NGINX by F5, NGINX announced in May 2022 that it will end-of-life ModSecurity, leaving NGINX open-source with no open-source security solution. By Christopher Lutat.
Tags infosec devops cloud nginx servers
-
Service exhaustion floods — HTTP/HTTPS flood, HTTP pipelining, and SSL renegotiation DDoS attack
Posted on November 25, 2022, Level beginner Resource Length medium
On 1 June 2022, a Google Cloud Armor customer was hit with a Distributed denial-of-service (DDoS) attack over the Hypertext Transfer Protocol Secure (HTTPS) protocol that reached 46 million requests per second (RPS), making it one of the largest ever recorded Layer 7 DDoS attacks reported this year. By Debashis Pal.
Tags infosec ssl app-development cloud cio devops
-
Three reasons why CISOs need to understand domain security
Posted on November 16, 2022, Level beginner Resource Length medium
Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. An attack on a web domain can lead to the redirection of a company's website, domain spoofing, phishing attacks, network breaches, and business email compromise (BEC). By cscdbs.com.
Tags cio web-development app-development infosec
-
Building a secure SaaS application with Amazon API Gateway and Auth0 by Okta
Posted on November 8, 2022, Level beginner Resource Length long
Most applications require a form of identity service to manage, authenticate, and authorize users. In software-as-a-service (SaaS) applications, multi-tenancy adds specific challenges to this task that are important aspects to consider when designing a multi-tenant identity management service. By Humberto Somensi.
Tags apis serverless infosec cloud app-development web-development microservices
-
Block ads on every device in your house with a Raspberry Pi and Pi-hole
Posted on October 29, 2022, Level intermediate Resource Length long
Tags infosec linux robotics iot web-development app-development
-
Cybersecurity teams are reaching their breaking point. We should all be worried
Posted on October 28, 2022, Level beginner Resource Length long
Stress and burnout are having a massive impact on cybersecurity teams, leaving people and businesses more vulnerable than ever. Cybersecurity professionals are "reaching their breaking point" as ransomware attacks increase and create new risks for people and businesses. By Owen Hughes.
Tags infosec linux teams cio web-development app-development