Category Archive For "CI/CD"
SAST, DAST, and IAST: Understand the Difference Between These Application
Have you ever heard of AST – Application Security Test? If you’ve never heard of it, throughout this article we’ll explain what it’s all about and why tests like these are so important for application security. The best known are SAST, DAST, and IAST. Now, if you are from a team that has heard of …
What is IAST ( Interactive Application Security Testing)
IAST (Interactive Application Security Testing ) is a term for tools that combine the advantages of SAST (Static Application Security Testing and DAST ( Dynamic Application Security Testing ). As a generic term, IAST tools can differ greatly in their approach to testing web application security. We will explain how these testing tools came about, how they detect security …
The fastest way to ramp up on DevOps
Becoming a DevOps engineer is a journey that, most times, is self-paced and doesn’t require you to enroll in a university or college. It’s a journey that you can start and finish in a year or less, depending on your previous knowledge of cloud native technology. And suppose you probably don’t know or have knowledge …
Why Kubernetes is a must learn to become Cloud Native
The term “Cloud Native” has been in circulation for a while, and it’s known as a term that encompasses the various tools and techniques needed by software developers to scale, build, deploy and maintain cloud applications. There are different, and many definitions given to what cloud native is in the tech world. But one way …
How to enhance security by integrating SAST and DAST in CI/CD?
The OWASP Top 10 is a security awareness document that lists top security risks affecting web applications during a time span. The document suggests the security risks affecting our web application haven’t changed in years.SAST and DAST provide two stringent methods to safeguard their software delivery pipeline at various stages. Here are some of the …
What is Zero Trust Security?
Zero Trust is a security model based on maintaining strict access controls and not trusting anyone by default. Corporate IT has the affinity to trust every session originating from within the organization while denying anything coming outside of the organization. The problem is once somebody is inside the network, there is no way to stop them. …
CKA vs. CKAD and Do you Really Need Them?
Certification, in general, is more like a legal tender to show that a person is knowledgeable in something of a particular aspect, particularly in Kubernetes for CKA and CKAD. A certification is, in many cases, a booster when applying for jobs. It is pretty logical that a candidate applying for a Kubernetes role with a …
NIST’s DevSecOps guidance: This is what you should know
The NIST DevSecOps guide publication critically highlights technical security rudiments for industry-level DevSecOps integrating with cloud-native applications based on microservices. Cloud adoption has crept into the deeper interests of decision-makers at the US government. Cloud adoption is moving rapidly, and although government bodies had a reasonably good grasp of it before, they are now moving …
History, Principles, and implementation of SRE
Site Reliability Engineering (SRE) refers to a set of practices incorporated into operations using the same approach used in software building.SRE implementation in a company fast track growth by providing seamless operations between the various teams in the organization. It is often done by introducing automation or structure that streamlines the effort and focus of …
10 Kubernetes Security Best Practices
Kubernetes security is critical throughout the life of the container due to the dynamic and distributed nature of a cluster. For a cluster to be considered effective and stable, it needs to be secure from unauthorized changes. Use Kubernetes Role-Based Access Control (RBAC) This feature has been available since Kubernetes 1.6. The RBAC plays an …