Have you ever thought the most popular CI/CD platform – GitLab – may have security issues? In fact, it is inevitable with such a massive infrastructure. Don’t worry! The platform is still reasonably secure: it scores well over 700 on BitSight, monitors alerts in real-time, and addresses them instantly. But vulnerabilities still arise, and it’s good to know their types, severity, and how they are addressed. We carefully analyzed GitLab’s security reports from the last…
Since the beginning of 2022, the Wallarm security research team has been analyzing API vulnerabilities and exploits, and releasing quarterly reports. The Q1 report got a lot of attention and positive feedback from the cybersecurity community, as well as a few valuable ideas and suggestions. We included many of these in the Q2 API Vulnerabilities and Exploits report, which will be discussed in our upcoming webinar on August 8th. Register now to reserve your seat!…
Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes cluster. It’s also configured with the Kubernetes API to deploy objects called Ingress Resources. The NGINX Ingress Controller is a production-grade Ingress controller (daemon) that runs alongside NGINX Open Source or NGINX Plus instances in a Kubernetes environment. The daemon monitors NGINX Ingress resources and Kubernetes Ingress resources to…
On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8. The vulnerability was discovered internally by the F5 security team and there is no evidence of whether it has been exploited publicly. There is no publicly available proof of concept at the time of writing this blog post. The newly discovered BIG-IP vulnerability affects the following product and versions:…
Introduction: Cryptography is perhaps the main tool for building a secure computer system. These professionals play a major part in building these systems. This makes them probably the most highly paid and highly valued workers in the growing world of cybersecurity. A career as a cryptographic expert can be challenging and rewarding, both mentally and financially. If you’re considering a job as this type of specialist, there’s a great deal you should know and…
Introduction: Malware analysis is the study or process of determining the functionality and possible impact of a given piece of malware, such as a virus, worm, trojan, rootkit, or backdoor. Malware, or malicious software, is any computer software intended to harm the host operating system or to steal sensitive data from users, organizations or partner companies. Malware may include software that gathers user information without permission. These experts design better ways to protect API security, including the…