What do recent data breaches tell us about the state and need of application security?

Picture this. A hacker uses a VPN to break into a cloud server (a virtual machine hosted within a tier-1 public cloud provider) of a large financial enterprise through a misconfigured firewall, then executes a small set of commands (an injection attack), which gets her the credentials.

Forces Of Fundamental Shift in Application Security

During the course of evolution, some events act as turning points and make such a major impact that they are seen as defining moments as well as the start of a new era in their respective spaces. We are at such a juncture in the application security space. The adoption of cloud and virtualization for deploying and developing applications creates a huge shift and makes traditional and existing security solutions ineffective and inapplicable in the modern cloud era.

How Kubernetes Vulnerability is About the Challenges of Securing Distributed Microservices - Part 2

This post is the final part of a two-part series analyzing the recently found CVE-2018-1002105. In the last post, I covered an overview of the Kubernetes (K8s) vulnerability (CVE-2018-1002105). Using an example API request flow, I explained how the vulnerability may lead to privilege escalation or anonymous access to a K8s cluster.