🔐 Getting Started with SPIFFE for Multi-Cloud Secure Workload Authentication Navigating the complexities of multi-cloud environments requires robust, scalable identity solutions. SPIFFE—Secure Production Identity Framework for Everyone—offers a powerful alternative to traditional single-factor access credentials by providing a highly scalable and secure identity framework. Our blog post breaks down the practical applications of SPIFFE and how it can enhance security across diverse and distributed systems. Learn how SPIFFE can help you streamline secure workload authentication, improve your security posture, and adapt to the evolving cloud landscape. 👇 Check out the full article to get started with SPIFFE and transform your multi-cloud security strategy: https://lnkd.in/dm67qtet #CloudSecurity #SPIFFE #IdentityManagement #CyberSecurity #MultiCloud
GitGuardian’s Post
More Relevant Posts
-
APIs are critical to microservices and cloud infrastructure, enabling applications written in different languages to exchange information and carry out critical IT functions. API Security is now its own subset of information security practices, and is causing massive headaches. What happens when application and security teams are unaware their apps have "shadow APIs"? Transitive dependencies in runtime are an often overlooked attack surface. They aren't detected by SAST or DAST scanning solutions, and often require a runtime observability solution to find them. I'm sure this will be a big topic at the upcoming RSA Conference. #darkreading #apisecurity #shadowapi #transitivedependency #sast #dast #observability #sqlinjection #crosssitescripting #xss #hijacking #dataharvesting #apiattacks https://lnkd.in/grQkP7cS
Shadow APIs: An Overlooked Cyber-Risk for Orgs
darkreading.com
-
In today’s digital landscape, security is paramount! Learn how to connect Azure Container Apps to Azure OpenAI using User Managed Identity. This approach not only simplifies authentication but also enhances security by eliminating password-based access. Dive into the step-by-step guide and elevate your application’s security today! 🌐 https://lnkd.in/dpbfUpmT #Azure #OpenAI #ManagedIdentity #Security #CloudComputing
🚀 Securely Connecting Azure Container Apps to Azure OpenAI
dev.to
-
Imagine how much money companies have poured into expensive, closed-source CNAPPs... 💰💰💰 Now imagine getting the same powerful security features, completely free, with Deepfence ThreatMapper! 🤯 ThreatMapper is the leading open-source CNAPP that provides: ✅ Comprehensive vulnerability scanning: Uncover hidden risks across your entire cloud-native environment. ✅ Cloud security posture management (CSPM): Ensure compliance and enforce best practices. ✅ Runtime threat detection: Identify & block attacks in real-time. And much more! Why pay for a closed-source solution when you can have ThreatMapper's enterprise-grade security without the hefty price tag? ➡️ Download ThreatMapper today & start saving: https://lnkd.in/gJEbFqe #cloudsecurity #opensource #CNAPP #ThreatMapper #Deepfence #DevSecOps #Kubernetes #containers #serverless #CSPM
GitHub - deepfence/ThreatMapper: Open Source Cloud Native Application Protection Platform (CNAPP)
github.com
-
In today’s digital landscape, security is paramount! Learn how to connect Azure Container Apps to Azure OpenAI using User Managed Identity. This approach not only simplifies authentication but also enhances security by eliminating password-based access. Dive into the step-by-step guide and elevate your application’s security today! 🌐 https://lnkd.in/d5uaVn85 #Azure #OpenAI #ManagedIdentity #Security #CloudComputing
🚀 Securely Connecting Azure Container Apps to Azure OpenAI
dev.to
-
Here's my belated recap of Cloud Native Computing Foundation (CNCF)'s #SecurityCon 2024. I know it's weird to have it posting during Black Hat, but want folks to note the great content from this conference from June! Be sure to check out these highlights and the available recorded sessions. #devsecops #appsec #cloudnativesecurity #kubernetessecurity #containersecurity #vulnerabilitymanagement #riskmanagement #applicationsecurity #OSS #softwaresupplychainsecurity #openssf #cybersecurity #infosec #AIsecurity
Highlights from CloudNativeSecurityCon 2024 | TechTarget
techtarget.com
-
Protecting Secrets with Docker

Modern software is interconnected. When you develop an application, it has to communicate with other services — on your infrastructure, cloud infrastructure services, or third-party applications. Of course, you don’t want just anyone to masquerade as you, so you use secrets like SSH keys or API tokens to make the communication secure. But having these secrets means you have to keep them secret.

Unfortunately, sometimes the secrets escape. When this happens, it can allow bad actors to maliciously use the secrets or post them on the “dark web” for others to use. They can insert vulnerabilities into your code. They can impersonate you or deny legitimate users access to resources. And, if the secret is for something billable (like public cloud infrastructure), they can cost you a lot of money. No matter what other costs you face, the public relations impact can cause your users to lose trust in you.

Controlling access with Docker Hub

The principle of least privilege is a powerful part of your security posture. If someone doesn’t need access to your Docker Hub images, they shouldn’t have access. Docker Hub provides private repositories so that you can keep your images to yourself. Keep in mind that even with private repositories, Docker Hub is not for storing account secrets. Private repositories are a layer in your defense-in-depth model.

Keeping secrets out

What’s better than protecting the secrets on your Docker image? Not having them in the image in the first place! While there are cases where you need to store a secret in order to make the proper connections, many cases of secret leakage involve secrets that were added accidentally. The best way to avoid accidentally adding secrets is to use a secret manager, such as AWS Secrets Manager, HashiCorp Vault, or 1Password, which has some CLI options.

If you have to keep the secrets in a local environment, you can prevent files from accidentally winding up on your image by adding them to the .dockerignore file. For example, if you’re worried about accidentally adding SSH keys to your image, you can include:

*id_rsa*

This approach works well for secrets in files with predictable names. If you’re always storing your cloud credentials in a file called cloud_key.txt, then you’re well-covered. But you won’t catch cloud_credentials.txt.

You can add another layer of security with secret scanners. Tools like Aqua Security Trivy, Anchore, and JFrog Xray search your files for things that look like secrets. If you run the scanner before pushing your image, then you can catch the secret before it escapes. Many secrets scanners can be tied into a Git commit hook as well to prevent secrets from being included in your code.
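An added example, not part of the post above and not Docker's own code: a simplified Python model of .dockerignore matching (only `*`, `?`, `**` and `!` are handled) run over a constructed build context. It shows the gap the post describes, a file name the ignore list did not anticipate, and goes one step further: `*id_rsa*` is matched from the context root, so a key in a subdirectory is still sent to the build unless the pattern is `**/*id_rsa*`. The secret regex is a crude stand-in for a real scanner, and all names and values are assumptions made for illustration.

```python
import re

# Crude stand-in for a real secret scanner: PEM private keys and key=value tokens.
SECRET_RX = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----|(?i:secret|token|api_key)\s*[=:]\s*\S{16,}")

def compile_pattern(pat):
    """Translate a .dockerignore pattern to a regex (subset: '*', '?', '**')."""
    out, i = "", 0
    while i < len(pat):
        if pat.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3   # any number of directories
        elif pat.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pat[i] == "*":
            out, i = out + "[^/]*", i + 1      # '*' never crosses a '/'
        elif pat[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pat[i]), i + 1
    return re.compile("^" + out + "$")

def is_ignored(path, patterns):
    """Last matching rule wins; '!' re-includes; a matched directory covers its children."""
    parts = path.split("/")
    prefixes = ["/".join(parts[:n]) for n in range(1, len(parts) + 1)]
    ignored = False
    for raw in (p.strip() for p in patterns):
        if not raw or raw.startswith("#"):
            continue
        rx = compile_pattern(raw.lstrip("!").strip("/"))
        if any(rx.match(p) for p in prefixes):
            ignored = not raw.startswith("!")
    return ignored

def leaked_into_context(files, patterns):
    """Paths that would be sent to the build and whose content looks like a secret."""
    return sorted(p for p, body in files.items()
                  if not is_ignored(p, patterns) and SECRET_RX.search(body))

# Constructed build context (path -> content); no real credentials.
CONTEXT = {
    "id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
    "cloud_key.txt": "api_key = CONSTRUCTEDEXAMPLEVALUE0001\n",
    "cloud_credentials.txt": "api_key = CONSTRUCTEDEXAMPLEVALUE0002\n",
    "app.py": "print('hello')\n",
}
PATTERNS = ["*id_rsa*", "cloud_key.txt"]   # the post's pattern plus the predictable name

if __name__ == "__main__":
    print(leaked_into_context(CONTEXT, PATTERNS))
    print(leaked_into_context(CONTEXT, PATTERNS + ["**/*id_rsa*"]))
```
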
-
Tired of closed-source CNAPPs w/ limited visibility & hefty price tags? 😡 Deepfence ThreatMapper is here to change the game! 💪 This 100% open-source CNAPP provides the same powerful capabilities as leading commercial solutions, including: ✅ Comprehensive vulnerability scanning: Uncover security risks across your entire cloud-native environment. ✅ Cloud security posture management (CSPM): Ensure compliance with industry standards & best practices. ✅ Attack path analysis: Visualize & understand potential attack vectors. And much more! With ThreatMapper, you get enterprise-grade security without enterprise-grade costs. Ready to experience the power of open-source CNAPP? ➡️ Download ThreatMapper today: https://lnkd.in/gJEbFqe #cloudsecurity #opensource #CNAPP #ThreatMapper #Deepfence #DevSecOps #Kubernetes #containers #serverless
GitHub - deepfence/ThreatMapper: Open Source Cloud Native Application Protection Platform (CNAPP)
github.com
-
👉 Top ten reasons to use Deepfence Open-Source CNAPP:
1. Cost-effective: 100% free to use, saving you from expensive licensing fees.
2. Comprehensive: Covers entire stack, containers, Kubernetes, serverless.
3. Full visibility: Deep insights into your public/private cloud & vulnerabilities.
4. Runtime threat detection: Identify and block attacks in real time.
5. Automation: vulnerability management, incident response, & compliance.
6. Easy to deploy: Deploy seamlessly in any cloud or on-premises environment.
7. Integrates with your existing tools: Works with your current workflows.
8. Open-source advantage: Community-driven development transparency.
9. Flexible deployment: Agent-based or agentless deployment options.
10. Granular control: Fine-grained policies tailored to your specific needs.
👉 Make informed decisions & enhance your security posture with Deepfence Open-Source CNAPP! #CSPM #CDR #CNAPP #cybersecurity #cloudsecurity #opensource #Deepfence https://lnkd.in/gJEbFqe
GitHub - deepfence/ThreatMapper: Open Source Cloud Native Application Protection Platform (CNAPP)
github.com
-
Tired of paying for cloud security platforms that don't deliver? 5,000 organizations & counting are using the leading FREE & Open-Source Runtime CNAPP Deepfence ThreatMapper. Take back control of your cloud security – without breaking the bank. Download ThreatMapper NOW: ✅ Complete Security Insights: Uncover hidden risks in your cloud infrastructure & applications. ✅ Find & Fix Vulnerabilities: Detect & address weaknesses in your containers, hosts, and Kubernetes. ✅ Stop Threats in Real-Time: Stay ahead of attacks w/ continuous monitoring & real-time alerts. ✅ Stay Compliant: Ensure your cloud environment meets industry standards. ✅ Join a Thriving Community: Benefit from the knowledge & support of a vast open-source network. #cloudsecurity #cloudnative #devsecops #threatmapper #deepfence #opensource #cybersecurity #CNAPP #CSPM #CWP #runtime
GitHub - deepfence/ThreatMapper: Open Source Cloud Native Application Protection Platform (CNAPP)
github.com
-
🚨 Critical Kubernetes Image Builder Vulnerability Discovered 🛠️ A newly identified vulnerability in Kubernetes Image Builder could allow attackers to manipulate container images, posing serious risks to cloud environments. With Kubernetes being a cornerstone of modern cloud infrastructure, it’s crucial for organizations to stay vigilant by applying timely patches and strengthening their container security measures. Learn more about this critical vulnerability and how to safeguard your Kubernetes environment. #Kubernetes #ContainerSecurity #CloudSecurity #CyberSecurity #DevSecOps #ThreatDetection #VulnerabilityManagement
Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk
thehackernews.com