A vulnerability (CVE-2020-2100), discovered by Adam Thorn from the University of Cambridge, may allow attackers to abuse internet-facing Jenkins servers to mount and amplify reflective DDoS attacks.
In a previous article, I started to talk about DevSecOps and the concept of “shifting left” security.
In order to move security checks to the early steps of development, a great help may be the presence of a security-aware person in every scrum team, the so-called “Security Champions”.
A popular term in the DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures that guarantee application quality at the earliest point in the software development life cycle.
In an application security context, this refers to the measures implemented to ensure that security concerns are taken into consideration during the whole application development, rather than at the end of the process.
By default, containers run in unprivileged mode, that is, we cannot run the Docker daemon inside a Docker container.
However, a privileged Docker container is allowed to access all the devices on the host with the same privileges as a process running on the host.
According to a TrendMicro report, ‘The New Norm’, the major cybersecurity risks for organizations in 2020 come from DevOps, third-party libraries, container components and even remote workers.
A pleasant reading for the Christmas holidays!
Security should be built into every part of the DevOps lifecycle, including inception, design, build, test, release, support, maintenance, and beyond.