security

16 posts
Issue40

Security assessment techniques for Go projects

Static analysis tools like gosec, go vet, and staticcheck can help catch low-hanging fruit that compiler errors & warnings do not cover. Dynamic analysis techniques like fuzzing, property testing & fault injection should be used for deeper results.…

Issue40

How to avoid data breaches in the cloud

Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion. Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.…

Issue39

9 serverless security best practices

Map your application - consider the data involved, its value and the services that access it. Keep using your WAF and API Gateway, but apply perimeter security at the function level too.…

Issue34

Securing REST APIs

Ensure that you only accept queries sent over a secure channel, like TLS. Use API keys to secure, authenticate and track usage of a REST API.…

Issue34

How to minimize security debt from the start

Take stock and build an inventory of all connected devices and applications within your network, locate where all data reside, and audit access to them. Secure data travelling within as well as across networks.…

Issue34

How to combat cloud software security threats

Deploy strong identity management and access management systems. Understand how security works with third-party apps & integrations in detail.…

Issue32

Top 10 security best practices for MongoDB

Enable & configure role-based access control. Configure TLS. Restrict network exposure - ensure the instance is only listening on the localhost interface.…

Issue30

How soon we forget: Security in the age of Docker and Kubernetes

Don't run binaries as root, as that creates a privileged user and higher risk. Run containers with a read-only file system only.…

Issue29

You can’t protect what you can’t see

Establish visibility so that the business knows what is exposed and how, to whom, through the API. Authenticate both end-users and client applications. OAuth2 is the de facto standard.…

Issue24

The rise of zero-trust architecture

Zero-trust architecture works on the philosophy of “never trust and always verify”. It uses micro-segmentation and reinforces perimeter cyber-security based on the user ID, location and other data permissions.…