Sign in Subscribe

Archive

A collection of 38 issues

Latest

Security Patching Docker Containers

In the final section of my series on creating a comprehensive security program around Docker [https://nullsweep.com/building-a-docker-security-program], I'll be looking at some ideas and best practices around patching running containers. In the previous articles, I talked about running static analysis on containers [https://nullsweep.com/docker-static-analysis-with-clair]

Host Based Intrusion Prevention And Detection For Docker

Continuing the series on creating a comprehensive security program around Docker [https://nullsweep.com/building-a-docker-security-program/], today we will look at intrusion detection and prevention with containers. Containers are created to be immutable and ephemeral, so why is this necessary? Just recently, Kubernetes disclosed a vulnerability [https://www.tripwire.com/state-of-security/

Docker Static Analysis With Clair

The simplest way to get started with a docker security program is to start with static analysis: Analyzing docker files for insecure software and making sure we have a level of trust in the base images our organization uses. This is part of the series on how to build a

Building a Docker Security Program

In the past couple of years, I have worked with teams trying to figure out how to adapt security tools to their Docker deployments, with varying degrees of success. Over the next several articles, I will build up a series of security tools and practices that can help secure your

How To Hire Security Talent

I don't think it's quite as hard as most people make it out to be. I keep hearing from colleagues and articles that there is great difficulty in hiring a technical security people to work on application security, network security, or devsecops. If you want to

Successfully Starting a Secure DevOps / DevSecOps Program

When I was first asked to build a Secure DevOps program, I was excited about the possibilities for continuous security, and truly making an impact on our applications from the first line of code written. Over the following months, the difficult reality set in for me: Though there is no

DevOps Security Tools Worth Using

I often come across security tools that look pretty great for DevOps integration, but I may not have a specific need for at the moment. I keep them here so I always have a list I can refer to when something comes up.

How To Get A Job In DevSecOps

Modern security organizations are moving closer to development, and increasingly integrating directly with development through continuous security and DevSecOps roles. This combined skillset of security engineer and devops engineer, with enough programming knowledge to automate tasks and speak intelligently to development teams, is massively valuable in the marketplace. With a