At Soluto, we have super-devs who have full ownership: from writing code to deploying it to monitoring. When we made the shift to Kubernetes, we wanted to keep our devs independent and put a lot of effort into allowing them to create services rapidly. It all worked like a charm – until they had to handle credentials. This challenge leads us to build Kamus – an open source, GitOps, zero trust, secrets solution for Kubernetes applications. Kamus allows you to…
Recently, I caused a pretty big production issue. It was bad. It all happened when I tried to harden our APIs – by disabling weak cipher suites in the TLS protocol. If you’re not sure what that means – or how it is done, stay tuned! In this post, I’ll explain what happened, why it’s important to harden your APIs, and how to do it properly. Mmm, something looks weird here… A few months ago, while investigating a bug in…
Are you running security tests in your CI? You might be wondering – what does running security tests even mean? What does it do? Security tests just test your code for known vulnerabilities, to make sure hackers will not be able to hack into your system. This might sound complicated – but actually, it is pretty simple. There are many existing tools that you can use for running security tests – and in this blog post, I will introduce one of…
Last week I was fortunate enough to attend AppSecEurope. There was much discussion about DevSecOps, the hottest trend today in AppSec. The talks were really inspiring and cover this topic from various vantage points. However, I would like to discuss two issues that are extremely relevant for the future of the industry and were missing from the discussion at the event. OWASP Glue Glue is a tool that coordinates various security tools. It makes the integration of various security tools with…
Powered by WordPress & Theme by Anders Norén