Tag: devsecops

Can Kubernetes Keep a Secret? It all depends what tool you’re using

At Soluto, we have super-devs who have full ownership: from writing code to deploying it to monitoring. When we made the shift to Kubernetes, we wanted to keep our devs independent and put a lot of effort into allowing them to create services rapidly. It all worked like a charm – until they had to handle credentials. This challenge led us to build Kamus – an open source, GitOps, zero trust, secrets solution for Kubernetes applications. Kamus allows you to…

Lesson learned: Disabling weak TLS cipher suites without breaking up everything

Recently, I caused a pretty big production issue. It was bad. It all happened when I tried to harden our APIs – by disabling weak cipher suites in the TLS protocol. If you’re not sure what that means – or how it is done, stay tuned! In this post, I’ll explain what happened, why it’s important to harden your APIs, and how to do it properly. Mmm, something looks weird here… A few months ago, while investigating a bug in…

Security Tests Made Easy with OWASP Zap

Are you running security tests in your CI? You might be wondering – what does running security tests even mean? What does it do? Security tests just test your code for known vulnerabilities, to make sure hackers will not be able to hack into your system. This might sound complicated – but actually, it is pretty simple. There are many existing tools that you can use for running security tests – and in this blog post, I will introduce one of…

What I learned at AppSecEurope and my thoughts for the future

Last week I was fortunate enough to attend AppSecEurope. There was much discussion about DevSecOps, the hottest trend today in AppSec. The talks were really inspiring and covered this topic from various vantage points. However, I would like to discuss two issues that are extremely relevant for the future of the industry and were missing from the discussion at the event. OWASP Glue Glue is a tool that coordinates various security tools. It makes the integration of various security tools with…

