Container Security
To facilitate scalability and resilience, many organizations are running applications in cloud-native environments, with make use of containers and orchestration.
Virtual Patch Creation Phase
The process of creating an accurate virtual patch is bound by: (a) No false positives – This is always the
Preparation Phase, Identification Phase and Analyze Phase
Preparation Phase The significance of adequately utilizing the preparation phase in respect of virtual patching can’t be overstated. Before dealing
Virtual Patching in Vulnerability Management
Virtual patching demands applying a layer of security policy that prevents and intercepts vulnerability exploitation. A productive solution requires the
WAF + RASP + Bot Mitigation + DDoS in Kubernetes Platform
There are many products out there that work as a WAF. WAF is not really aware of the application it
PATCH MANAGEMENT
Patch Management is a strategic process of acquiring, testing, and installing updated software. But, most of the companies find themselves comply
Why Is Virtual Patching So Important?
Virtual Patching gives a rapid way of a solution to provide web security. Even though the preferred solution is temporary,
Why do we need to apply Virtual Patching on the websites?
Safeguarding the company’s assets against existing and emerging vulnerabilities is the most critical task that security teams are struggling with.
Virtual Patching Tools
Various tools are used to achieve Deep Security virtual patching. It includes: Web Application Firewall (WAF) Intrusion Prevention System (IPS)
Common Roadblocks to Source Code Fixes
From the technical point of view, the initial mitigation strategy would be for an organization to rectify the discovered vulnerability
Advantages of Virtual Patching
Today’s systems can be considered as very advanced as well as complex, with multiple dependencies and interrelationships. It requires a
Virtual Patching: Definition
The term patch is misleading because the vulnerable system is not being patched. A quick repair job for a piece
Introduction to Virtual Patching
“Virtual Patching” is a term that was initially used by Intrusion Prevention System vendors many years ago. It is also
How to create a Kubernetes Service
With the running application, we want to access one service. Let’s create a ClusterIP type of service. We can: Create
Kube-Proxy and Headless Services
Kube-Proxy Kube-proxy implements a form of virtual IP for services for all types except ExternalName. Three modes are: (a) Proxy-mode:
Kubernetes Service Types
Key Terms Nodes: Virtual host(s) on which containers/pods are running. Kubernetes Service: A logical set of pods that perform identical
Introduction to Kubernetes Services
Key Terms: Pods: One or more containers that shares the storage and network with a Kubernetes configuration, mentioning the behavior
Kubernetes Infrastructure Security
Security should extend beyond images and workloads and defend the complete environment, as well as the cluster infrastructure. You want
Kubernetes Security – Runtime Phase
Kubernetes Security: Runtime Phase The runtime phase exposes containerised applications to a slew of recent security challenges. The aim is
Remote Code Execution vuln in Zend Framework 3.0.0
Overview : Remote Code Execution vuln in Zend Framework 3.0.0 Affected Product(s) : Zend Framework 3.0.0 Vulnerability Details : CVE
Tenda N300 Authentication Bypass via Malformed HTTP Request Header
Overview : Tenda N300 allows Authentication Bypass vuln through Malformed HTTP Request Affected Product(s) : N300/N301 Router Vulnerability Details :
Multiple vulnerabilities reported in XCloner
Overview : Multiple vulnerabilities like Unprotected AJAX Action & Cross-Site Request Forgery reported in XCloner Affected Product(s) : versions before
Remote Denial of Service attack in Pure-FTPd 1.0.48
Overview : Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection
Kubernetes Container Security – Deployment Phase
Kubernetes Container Security in Deployment Phase Kubernetes infrastructure ought to be designed firmly before workloads being deployed. From a security