The times when it was enough to install an antivirus to protect yourself from hackers are long gone. We actually don’t hear much about viruses anymore. However, nowadays, there are many different, more internet-based threats. And unfortunately, you don’t need to be a million-dollar company to become a target of an attack. Hackers these days use automated scanners that search for vulnerable machines all over the internet. One such modern threat is a traffic analysis attack.

Security testing is a key component of software quality. A program may meet functionality and performance requirements, but that does not guarantee security. In this blog post I will present different security testing methods and provide a few tips for conducting a more secure code review. But first, let’s understand what software security is intended for.

The #LifeatTorq Team Spotlight is a Q&A series dedicated to the talented and generally kick-ass team that form the foundation of our growing company. Today we are spotlighting Ori Seri, an R&D team leader at Torq, based in our Tel Aviv office. Tell us a bit about your career path before Torq. Ori: I was an officer in an Israeli Defense Forces (IDF) Intelligence unit early on. Then I worked at a startup called Nuweba, where I began as an engineer, and later led an R&D team there.

Security is a top-of-mind topic for software companies, especially those that have experienced security breaches. Companies must secure data to avoid nefarious attacks and meet standards such as HIPAA and GDPR. Audit logs record the actions of all agents against your Elasticsearch resources. Companies can use audit logs to track activity throughout their platform to ensure usage is valid and log when events are blocked.

Cloud monitoring and observability can involve all kinds of stakeholders. From DevOps engineers, to site reliability engineers, to Software Engineers, there are many reasons today’s technical roles would want to see exactly what is happening in production, and why specific events are happening. However, does that mean you’d want everyone in the company to access all of the data?

One of the foundations of GitOps is the usage of Git as the source of truth for the whole system. While most people are familiar with the practice of storing the application source code in version control, GitOps dictates that you should also store all the other parts of your application, such as configuration, kubernetes manifests, db scripts, cluster definitions, etc. But what about secrets? How can you use secrets with GitOps?

A May 2021 executive order mandated that federal government agencies invest in both technology and personnel to centralize and streamline access to cybersecurity data, accelerate migration to secure cloud architectures, and advance toward a zero-trust architecture. A zero-trust architecture doesn’t refer to a predefined, out-of-the-box network security solution. It’s a strategy based on an agency’s cybersecurity plan that contains a collection of zero-trust concepts.