security

20 posts
Issue54

3 steps toward improving container security

Focus on how you build access rules and permissions. Understand, right from day one, the level of granularity needed to build them. Harden the container host with policies to prevent resource abuse.…

Issue54

Secure databases in complex backend systems with these 5 best practices

Keep application and database servers on different physical machines, with a high-performance host for the apps & high-level security for databases. Encrypt data residing on servers with a private key and also encrypt before transit.…

Issue49

Serverless security risks

Event data injections are really hard to identify & block in serverless architecture. Broken authentication is a big risk.…

Issue50

The most common types of ATO attacks

ATO (account takeover) attacks are dangerous because when your system thinks the attacker is a legitimate user, your security safeguards won’t be able to protect your system.…

Issue40

Security assessment techniques for Go projects

Static analysis tools like gosec, go vet, and staticcheck can help catch low-hanging fruit not included in compiler errors & warnings. Dynamic analysis techniques like fuzzing, property testing & fault injection should be used for deeper results.…

Issue40

How to avoid data breaches in the cloud

Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion. Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.…

Issue39

9 serverless security best practices

Map your application - consider the data involved, its value and services that access it. Keep using your WAF and API Gateway but apply perimeter security at the function level too.…

Issue34

Securing REST APIs

Ensure that you only accept queries sent over a secure channel, like TLS. Use API keys to secure, authenticate and track usage of a REST API.…

Issue34

How to minimize security debt from the start

Take stock and build an inventory of all connected devices and applications within your network, locate where all data reside, and audit access to them. Secure data travelling within as well as across networks.…

Issue34

How to combat cloud software security threats

Deploy strong identity management and access management systems. Understand how security works with third-party apps & integrations in detail.…