Is It Observable’s Post

Day 21 of #cybertechdave100daysofcyberchallenge Course : OWASP Top 10 for Docker Containers and Kubernetes Security | Chapter 6 : Inadequate Process Isolation. Today, I completed the 'Inadequate Process Isolation' chapter on EC-Council. Upon completion, I've learnt that: - Inadequate process isolation is when processes running inside different containers can potentially interact with each other, leading to a compromise of one container can potentially compromise the entire system 🛡 By implementing process isolation through namespace isolation and cgroups one can prevent cross-container compromisation. Better Never Rests 🤝 #cybertechdave100daysofcyberchallenge #eccouncil

🔒 Excited to share my latest blog post on enhancing code repository security! In this article, I delve into the significance of TruffleHog in identifying vulnerabilities within code repositories, shedding light on its ability to uncover sensitive information like passwords and encryption keys mistakenly included in the code. Whether it's public or private repositories, TruffleHog proves to be an indispensable tool in safeguarding against potential breaches. Check out the full blog here for insights on harnessing TruffleHog's capabilities: https://lnkd.in/dPESqsBw #cybersecurity #devsecops #git #devops #trufflehog #codesecurity #techsecurity #github #opensource

KubeHound: Identifying attack paths in Kubernetes clusters #kubehound #datadog #opensource #kubernetescluster #containersecurity #attackpath https://lnkd.in/eiHPJJPj

First great speaker of today’s meetup! Amit Sharma on a topic that is an extremely important application security testing capability: DAST - what is DAST? - why DAST? What are the advantages of DAST? - Is DAST the silver bullet? What are the limitations of DAST? - how and when to integrate in your development lifecycle? All these questions and much more was answered during the meetup! Interested in the recording? This will be released soon! Follow us on LinkedIn and Meetup.com Next event is in Nijmegen, with other great DevSecOps topics!! OWASP Netherlands Chapter #devsecops #appsec #dast #owasp #meetups #opensource #cloudsecurity

I just saw Docker Scout, which scans your docker repo for vulnerabilities. Here's a link to check out Docker Scout https://lnkd.in/eRX_-UNp ➡ The Docker Scout free plan gives you unlimited local image analysis and up to 3 remote repositories. ⬅ I used to run the below to scan my repos: docker run --rm --volume /var/run/docker.sock:/var/run/docker.sock --name Grype anchore/grype:latest httpd:latest >> SECOUT.txt Report will in this example be in the file SECOUT.txt - which has a whopping 32 Critical and High vulnerabilities with 3 in the main binary itself - httpd. I am for sure now switching to Docker Scout. Test the containers you use for vulnerabilities - it's free ! Huge thanks 🙏 to Christian Dupuis Katharine (Kat) Yi 🖖🏻 and all in the 🐳 team that bring this very much needed feature. #security #vulnerabilitymanagement #docker

GitLab’s DevSecOps recently switched from Grype to Trivy for container vulnerability scanning. The key question is: where is the best place to scan images for vulnerabilities, and where should these vulnerability reports be stored? 1. During CI/CD at the build stage 2. At runtime in the Kubernetes cluster 3. In registries My perspective is to treat Docker images as assets and associate them with code repositories. Every asset should belong to a code repository, and the scanning report should be included as part of the SAST reports generated for that codebase. #devsecops #security #devsecops_bot #sast #codesecurity #code #staticanalysis #llm

DAY 17/100 COMPLETED #tryhackme room intro to containerisation by the end of the room, we will be learn aboutThe basic syntax to get we started with DockerRunning and deploying our first containerUnderstanding how Docker containers are distributed using images.Creating our own image using a Dockerfile. How Dockerfiles are used to build containers, using Docker Compose to orchestrate multiple containers.Applying the knowledge gained from the room into the practical element at the end. #100daysofcybersecurity  #100dayschallenge  #100daysoflearning  #cybersecuritytraining https://lnkd.in/gHAqYZc9

#NewsFlash GitHub has announced that its code scanning autofix feature, powered by #GitHub Copilot and #CodeQL, is now available in public beta for all GitHub Advanced Security customers. The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning, with developers requiring minimal editing. Check out the details in the comments.

Here is how I exploit Kioptrix VM Apache and Samba ports vulnerabilities: https://lnkd.in/dhnGi3BP These two solo labs are part of the Bytewise Limited #cybersecurity #fellowship. #100daysofcode #Bytewise #100daysofbytewise #100daysofcybersecurity

Kubernetes - are you secure? Are you sure? If not, this workshop taught by Jacob Beasley should change that. He'll walk you through securing a Kubernetes cluster using open-source Kubernetes security tools such as kube-bench, kubsec, kube-hunter, trivy, and project falco. It may sound like a lot, but he'll simplify it and you'll walk away with a clear understanding and an action plan to make your K8s implementation more secure. https://lnkd.in/gpiHuxRT #mndevconf #kubernetes #kubernetescluster #kubernetessecurity #softwaredeveloper #softwaredevelopers #developerconference #conference2023