During the course of evolution, some events act as turning points and make such a major impact that they are seen as defining moments as well as the start of a new era in their respective spaces. We are at such a juncture in the application security space. The adoption of cloud and virtualization for deploying and developing applications creates a huge shift and makes traditional and existing security solutions ineffective and inapplicable in the modern cloud era.
About Amit Jain, Founder and CTO of Mesh7, a cloud-native application security company
Amit has 20+ years of experience in architecting and innovating application security solutions such as WAFs, Authentication Gateways, ADCs and Web Application proxies at F5, Citrix, Cisco ACI, and other startups. Amit is an industry thought leader, author of multiple patents, an active participant in the IETF and co-author of RFC 4782.
Entries by Amit Jain, Founder and CTO of Mesh7, a cloud-native application security company
This post is the final part of a two-part series on analyzing the recently found CVE-2018-1002105. In the last post, I covered the overview of the Kubernetes (K8s) vulnerability (CVE-2018-1002105). Using an example API request flow, I explained how the vulnerability may lead to privilege escalation or anonymous access to a K8s cluster.
Kubernetes (K8s) has rapidly become one of the most widely adopted container orchestration platforms. With its powerful combination of simple-to-understand constructs and rich capabilities and functionality to meet the varied needs of microservices, K8s offers an attractive deployment platform for microservices applications.