Day 6: Top 6 Container Security Tips | #CybersecurityAwarenessMonth 2023
Welcome to Day 6 of Cybersecurity Awareness Month 2023! If you're working with containerized apps, these 6 essential tips for container security are a game-changer. From image verification to encryption, learn how to fortify your container ecosystem.
Check out appsecengineer.com for hands-on courses and security challenges in Container and Kubernetes security.
In this episode of "Last Week in AppSec" we look at
- Facebook's Outage. It's always DNS. When it isn't, it's BGP
- Apache Web Server 0day
- AWS's new Cloud Control API
- SpiceDB with Google's Zanzibar
#AppSec #FacebookOutage #AppSecEngineer
...
https://www.youtube.com/watch?v=9yJEpLxWUd4
In this live session, Abhay and Harish will demonstrate how microservices in a Kubernetes environment can be instrumented by a no-code/agentless sensor to auto-discover all APIs present and auto-generate OpenAPI docs for them.
If APIs are your thing, watch the full live code here: https://youtu.be/X2G9tFDrlNk
#API #kubernetes #apiobservability #apisecurity #shorts
...
https://www.youtube.com/watch?v=sUy28585p7A
In this exclusive snippet of the AppSecEngineer Podcast featuring guest Mark Willis from Bluescape, Mark talks about how he approaches hiring new talent for a small company.
Watch the full video here: https://www.youtube.com/watch?v=GJ_PVglEJvQ&t=242s
Without the brand name or financial resources to hire the 'best of the best', how can small companies find and hire new talent and maintain a high standard of security competency?
According to Mark, it's not about looking for people who have the best skills or the most experience (most of them will already be hired somewhere else), but you should be after candidates that can show they have the potential and willingness to learn and grow as professionals.
----------------
AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security.
#AppSecEngineer is ideal for job seekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers.
Learn more about us at: https://appsecengineer.com
Twitter: https://twitter.com/AppSecEngineer
Linkedin: https://www.linkedin.com/company/appsecengineer/
...
https://www.youtube.com/watch?v=TAi5HpX8aWk
When it comes to storing secrets securely on any platform, there’s usually one go-to solution: #dataencryption. It’s incredibly hard to decrypt encrypted data without the key. Sounds good, right? So...what’s the catch?
Well, the encryption key. That’s the catch. Encryption keys are stored in plaintext format, so if someone with not-so-nice intentions gets their hands on one, there’s really nothing to stop them from decrypting your data and accessing it.
To solve this, engineers use what’s called Envelope Encryption. This technique uses a ‘master key’ to encrypt the data key, which in turn encrypts the data itself. But you might be wondering: “If I encrypt my data key with a master key, how will I protect my master key?”
Well, that’s what this video’s about! Our instructor Nithin Jois will be showing you how to first perform #envelopeencryption, and then use AWS Key Management Service to store and manage your master keys securely. If you’re into AWS security, don’t miss this one!
Content of this video
0:00 - Intro
2:12 - Generate a symmetric key
2:55 - What is envelope key?
4:16 - Decrypt the data
9:09 - Rotate the CMK
12:43 - Like and subscribe to the channel
----------
#KMS #AppSecEngineer
Learn more about AWS Security at: https://appsecengineer.com/product/aws-secrets/
...
https://www.youtube.com/watch?v=XZp3YrCcx5w
Did you know there are different types of Kubernetes Admission Controllers? If not, find out what they are and how they differ in this short video!
Abhay goes over the various types of Admission Controllers that are typical to Kubernetes and discusses the differences between them.
#KubernetesSecurity #KubernetesAdmissionControllers #AppSecEngineer
...
https://www.youtube.com/watch?v=zMxxsamPRN4
Is it true that investing in training for your team can hurt retention rates?
In this video Aneesh Bhargav talks about this common misconception and busts the myth around it.
According to a Deloitte review, companies that prioritize learning and development have 30-50% higher retention rates.
A 2022 LinkedIn Talent Report found that 86% of employees would consider changing jobs if their new employer offered more training opportunities.
Furthermore, providing training to your team can enhance their skills, productivity, and overall job satisfaction. In short, investing in training is a win-win for your business - boosting retention rates and improving the performance of your team.
#appsecengineer #appsec #applicationsecurity #shorts #retention #training #employeeretention #layoffs #training #infosec #security #securecoding #handsonlearning
...
https://www.youtube.com/watch?v=H2qWlUEzQJc
As a Fintech platform provider, Mr Naren NS from Verisk Financial is our go-to guy for understanding the critical role of security in the Banking and Financial sector across the globe. This is an interesting conversation about the core security principles used in the Fintech industry and how security practices in the Banking sector have evolved over time and across geographies.
Main content:
- Insights into the key security threats, compliance requirements and vulnerabilities faced by industry players
- Insights into the significant role played by AppSec in the financial industry and how it has transitioned over the decade
- The need of the hour in security assessment and implementation and, most importantly, what customers require from a Fintech platform
- The current state of security awareness and the importance given to security
Contents of this video
0:00 - Intro
2:58 - Evolution of Fintech security in last decade
7:35 - Changing landscape of Application Security
16:01 - Adding technology and related security risks
38:40 - Changing expectations of customers
Learn more about application security and DevSecOps at https://appsecengineer.com/
Learn more about Verisk Financial at https://www.verisk.com/financial/
#Fintech #applicationsecurity #infosec #AppSecEngineer
...
https://www.youtube.com/watch?v=sOcioeDw5mw
Kubernetes is an intricate platform with a large attack surface. Every API request is authorized by the Kubernetes API server, which evaluates the request's attributes against the configured policies and then allows or denies the request.
By default, all permissions are denied unless they have been explicitly authorized beforehand.
Role-Based Access Control, or RBAC, is a structure that restricts access. It requires setting permissions and authorization so that users are granted access based on their roles.
Implementing RBAC protects confidential data and ensures employees can access only the information, and perform only the actions, that they need.
Learn more than the basics of Kubernetes security with us!
Never stop learning with AppSecEngineer's vast collection of Application Security materials! From courses and hands-on training to challenges that expose you to real-world security scenarios. Book a demo with us!
https://www.appsecengineer.com/main-menu-pages/teams
...
https://www.youtube.com/watch?v=QpdsZuDEMLQ