The shift from traditional IT security approaches to integrated DevSecOps practices in the rapidly evolving information technology landscape marks a significant transformation. This integration, blending development, operations, and security, challenges traditional IT security professionals to adapt to a faster, more agile environment.
Blog
Occamslabs sharing insights about cloud securtiy
-
Navigating the Shift: Traditional IT Security in the Age of DevSecOps
Security Devsecops May 01, 2024
-
Transforming Cloud Security: The Shift from Permanent to Just-In-Time Access
Security Cloud Access April 30, 2024
In the rapidly evolving world of IT, access management has undergone significant transformations. The shift from traditional, always-on access to a more controlled, just-in-time (JIT) access model marks a critical pivot in how businesses handle security in cloud environments.
-
Gone Phishing - Caught Developers
Security Phishing October 16, 2023
Phishing attacks are getting more sophisticated by the day. Their target audience is changing every day. In the past, high-profile individuals were targeted using CXO attacks. These days, the scope has broadened and is targeting the whole organization.
-
You are doing it wrong! Kubernetes Image Tags
Supplychain Security Kubernetes September 15, 2023
How you are using Docker tags can say a lot about your security.
-
Securing Kubernetes Workloads with Enhanced Supply Chain Security
Supplychain Security Kubernetes August 11, 2023
In today’s rapidly evolving tech environment, securing your Kubernetes workloads has never been more crucial. As Kubernetes becomes the backbone of many IT infrastructures, implementing robust Kubernetes supply chain security measures is essential to safeguard against vulnerabilities and threats.
-
Vulnerability vs. Supply Chain Attack
Supplychain Security August 07, 2023
A vulnerability is usually an unintended software bug that opens an attack angle for a malicious actor. The good thing about an open-source project is, that the bigger the project, the more eyes are on it. The more likely these vulnerabilities will surface and be fixed fast. In smaller or dormant projects, this is usually not the case.
-
Supply Chains and Lock Files
Supplychain Security August 01, 2023
A supply chain attack is when one or more of the dependencies in your application have been compromised, and some “bad code “is running on your systems and applications that is intended to harm you. These kinds of attacks are becoming more common and more sophisticated.
-
Securing your Ruby and Rails Codebase
Ruby-on-rails Security Devsecops September 24, 2018
When writing software you want to avoid introducing functional bugs or security issues.