Virtualization & Cloud
- January 31, 2024Attackers abuse different supply-chain scenarios to indirectly compromise organizations and applications. We delve into how a software pipeline works, where attacks could come from, and how to improve security.
- November 21, 2023Kubernetes, also known as K8s, is a very complex open-source platform that requires detailed attention to security. Despite previous efforts to increase its security, Kubernetes remains insecure by default and requires different security tools to protect the cluster.
- October 09, 2023In this entry, we continue delving into an investigation of exposed registries and look at the types of files and information that malicious actors can access and compromise from these.
- September 26, 2023In this entry, we will discuss publicly exposed registries, which are repositories or databases containing information accessible to the public without the need for authentication.
- July 14, 2022We examined the potential risks associated with using the serverless environment service for secrets management.
- June 14, 2022We examine Azure’s Managed Identities service and its security capability in a threat model as developers’ go-to feature for managing secrets and credentials.
- May 12, 2022After looking at offerings by cloud service providers (CSPs), we examined the possibilities of using a more secure serverless environment by running a custom container.
- May 04, 2022We looked into Azure App Services and created a threat model to mitigate the impact of threats on the infrastructure and applications.
- January 14, 2022We examined the potential risks associated with using the serverless environment service for secrets management.