A New Open-Source Tool that Fills a Critical Serverless Security Gap 

By: Ariel Shuper
Nov 22 2022

One of the main attractions of moving software to the cloud has always been the “shared responsibility model,” wherein the cloud provider deploys, protects, and maintains the underlying infrastructure and execution environment and the custom...

OpenSSL 3.0 Critical Vulnerabilities: Should You be Spooked?

By: Sarabjeet Chugh
Nov 1 2022

Don’t be. Act now—use Panoptica to scan for OpenSSL vulnerabilities for free. On November 1, the OpenSSL Project team released a critical patch for OpenSSL 3.0. The patch—OpenSSL 3.0.7—will fix this vulnerability in the library affecting ...

Speed Versus Security: Tackling the “Developer’s Dilemma”

By: Rami H.
Sep 19 2022

Today’s developer just can’t win. It’s a continuous tug of war between business objectives—the boss who wants releases “faster, faster, faster!” and the security team, who keeps halting releases because of insecure code—with the develo...

Securing Serverless Applications Against the Most Critical Risks

By: Sarabjeet Chugh
Sep 19 2022

If you’re a developer working in a cloud environment, there’s a good chance that you’ve either started thinking about serverless computing or have already started to deploy it. And why not? Unlike VMs or container clusters, serverless function...

Why Now Is the Time for CISOs to Embrace CNAPP for Cloud Native Security

By: Ran Ilany
Apr 20 2022

“Breaking down silos” is a common phrase in the world of DevOps and DevSecOps. Ironically, though, if you look at how many DevOps and DevSecOps cloud native security tools actually work, you realize that the tools used are very siloed. In...

5 Real-World API Security Breaches from 2021

By: Ran Ilany
Apr 14 2022

It’s no exaggeration to say that, when it comes to API security, there are a lot of challenges. Not only are attacks that exploit vulnerabilities in APIs on the rise, but there is good reason to believe that API vulnerabilities will be am...

Securing API Calls in Kubernetes, a simple and effective Approach

By: Alessandro Duminuco
Apr 13 2022

Historically, API authentication methods have involved a tradeoff between security and convenience. Today, with cloud native applications and Kubernetes, there are several options, but security tradeoffs remain: You could hardcode credentials, wh...

Everything DevOps need to know about the NSA’s Kubernetes Security Guidance

By: Alexei Kravtsov
Nov 30 2021

Kubernetes security is a complex topic. So complex that the National Security Agency recently issued a 59-page guidance document on Kubernetes security hardening. Yet, when you boil this advice down, you’ll find that most sources of c...

Leveraging GitOps to Deploy Cloud Native Security

By: Tomer Dvir
Nov 8 2021

GitOps is increasingly popular among developers as it accelerates development, but as security requirements grow, a new approach is needed. GitOps security needs to shift left. Here’s how to secure your GitOps repository. GitOps is gaining trac...

Automated Policy for developers using CI/CD (Terraform) tools

By: Tomer Dvir
Aug 16 2021

Automated Policy - Infrastructure as code is a core element of today’s CI/CD pipeline and led to the emergence of Continuous Configuration Automation (CCA) tools, such as Terraform, a leading declarative push CCA solution launched by HashiCorp in ...