Microsoft to Require Token-Based Authentication on GitHub and Visual Studio

Source:-https://www.programmableweb.com Microsoft has announced that in an effort to provide increased security GitHub and Visual Studio users will no longer be able to use account passwords for API authentication. Beginning on November 13th, 2020, the company will require token-based authentication for all interactions that require authentication. As a result of these changes, Microsoft noted that Git credential helpers will no longer be able to create new access tokens or help authenticate users for GitHub operations by using username and password.

Read more

As the quantity of test data increases, machine learning could be the answer to sort through it all

Source:-https://www.applause.com Scaling test automation and managing it over time remains a challenge for DevOps teams. Development teams can utilize machine learning (ML) both in the platform’s test automation authoring and execution phases, as well as in the post-execution test analysis that includes looking at trends, patterns and impact on the business. Before diving deeper into how ML can help during both of these phases of the test automation process, it is important to understand the root causes of why test

Read more

Exploring the (lack of) security in a typical Docker and Kubernets installation

Source:-neowin.net I have been in IT for over 20 years, but have never had any hands on experience with containers. Conceptually, I understand what they are and how they work, but since I’ve never had to implement them, I wasn’t sure how it worked. In addition, I had no idea how to actually secure them. Again, the concept sounds great, but the old adage of “as security increases, usability decreases” sat in my head, and with how easy everything container-related

Read more

Black Hat 2020: xGitGuard uses AI to detect inadvertently exposed data on GitHub

Source:-portswigger.net GitHub is often praised for offering a platform for developers to share their open source code and tools that they develop. However, some developers often unknowingly, or inadvertently, neglect to remove sensitive information such as API tokens and user credentials from their code prior to posting it on GitHub. Mistakes of this kind can expose an organization’s internal secrets and tokens to harvesting and potential misuse. Security researchers at Comcast have developed a tool that detects organizations’ secrets and

Read more

For DevOps, Application Programming Integration (API) Is A Major Security Vulnerability

Source:-forbes.com One of the most often overlooked cybersecurity attack vectors, and one of the biggest threats is application-programming interface (API) security. According to the security giant, Akamai, over 80% of all Content Delivery Network (CDN) Internet traffic is API traffic. APIs enable applications, services and micro services to work together. For example, organizations use APIs to connect applications, data services and mobile applications to deliver services to their customers for banking, gaming, healthcare or any other integrated enterprise applications. Internally,

Read more

Why securing Kubernetes requires a native toolset

Source:-cloudcomputing-news.net A now-classic 2014 study by IBM concluded that an astonishing 95 percent of all digital security breaches it investigated were either caused, or contributed to, by human error – presumably including those of the software developers. The remaining few were largely the results of technical faux pas. Subsequent disclosures about breaches and attacks have cited the same finding – with all kinds of digital tools, it’s easy for people to make mistakes. Often the root cause is granting privileges

Read more

DevSecOps report: Cloud IT complexity creates ‘immutable’ security issues

Source:-zdnet.com Cloud IT deployments can be so complex that security issues cannot be fixed easily — so they aren’t — raising the attack surface for enterprises. A report on DevOps security has found that only 4% of issues found in production are dealt with because of the increased complexity of cloud based IT systems is creating new security gaps. The State of DevSecOps report was commissioned by Accurics — which specializes in addressing IT security through infrastructure as code in

Read more

Morpheus Data Updates Multi-Cloud Management Platform for Continuous Delivery

Source:-idevnews.com Morpheus Data’s latest platform can tackle various types of multi-cloud management to unify complex environments and automate workflows. The goal is to enable continuous delivery for developers using Kubernetes, VMware and Terraform. Morpheus Data has updated its multi-cloud management platform to enable continuous delivery for customers using Kubernetes, VMware, and Terraform. Morpheus 4.2 release also adds continuous compliance updates for the platform’s policy enforcement engine. The latest updates build on Morpheus’ aim to deliver “everything needed for rapid and

Read more

Trend Micro Publishes Guide to Kubernetes Security

Source:-containerjournal.com Trend Micro has created a guide to Kubernetes threats that categorizes the threats into three broad categories: external attacks, misconfiguration issues and vulnerable applications. Mark Nunnikhoven, vice president of cloud research at Trend Micro, says adoption of Kubernetes is exacerbating an existing shortage of cybersecurity expertise by introducing into enterprise IT environments a platform that is as complex as it is powerful. As a result, the opportunities for cybersecurity mistakes to be made are considerable, he notes. Most external

Read more

Latest Parasoft Software Testing Suite Release Strengthens DevOps Team Collaboration

Source:-aithority.com Parasoft Showcases New Product Capabilities for DevOps and Remote Work Team Initiatives at STAREAST Virtual Conference 2020 Parasoft, a global leader in automated software testing for over 30 years, announced the 2020.1 releases of Parasoft’s enterprise solutions: SOAtest, Virtualize, and Continuous Testing Platform (CTP). The new features in the product suite strengthen DevOps team collaboration, making it simple for customers to manage virtual services more effectively as part of the test environment. Parasoft added key capabilities to enable remote

Read more
1 2 3 5