Operations | Monitoring | ITSM | DevOps | Cloud

Latest Posts

Data Tampering: A Comprehensive Guide

In an increasingly interconnected and data-driven world, where information shapes decisions and fuels innovation, the integrity of data has become paramount. However, lurking beneath the surface is a silent threat that can undermine trust, compromise systems, and wreak havoc on organizations: data tampering. In this post, we delve into the realm of data tampering, exploring the vulnerabilities, the reasons behind data tampering practices, and countermeasures against them.

CRLF Injection, Explained: An In-Depth Guide

In this in-depth guide we’ll explore CRLF injection, a web application security vulnerability that can have severe consequences. First, we’ll cover what CRLF injection is, the types of CRLF injection attacks, and their potential impacts. Additionally, we’ll discuss similarities with other attacks, payloads used in these exploits, and how to prevent CRLF injection. Finally, we’ll touch on the role of OWASP in addressing this security risk.

Terraform Import: What It Is and How to Use It

In this post we’ll explore Terraform Import, a powerful command-line tool that allows you to bring existing infrastructure under Terraform management. We’ll cover what Terraform Import is, its common use cases, and how to use it effectively. Additionally, we’ll discuss some limitations you should be aware of when using Terraform Import.

The Dark Side of DevSecOps and the case for Governance Engineering

For today’s software organizations security has never been more top of mind. On one side there is the present and growing threat of being hacked by malicious actors, set out in Crowdstrike’s recent Global threat report. And, on the other, there is a wave of cybersecurity regulation from the government to mitigate such cybersecurity vulnerabilities.

The Swedbank Outage shows that Change Controls don't work

This week I’ve been reading through the recent judgment from the Swedish FSA on the Swedbank outage. If you’re unfamiliar with this story, Swedbank had a major outage in April 2022 that was caused by an unapproved change to their IT systems. It temporarily left nearly a million customers with incorrect balances, many of whom were unable to meet payments.

How to Use Ansible Copy Module: An In-Depth Guide

In this post, we’re going to learn about the Ansible copy module. Before we look at the copy module specifically, let us first remind ourselves what Ansible is. You can install this open-source software on just one Linux machine. Then it can perform a lot of tasks on connected Linux machines without requiring Ansible installation on them. You can do tasks like copying files, fetching files, and a lot of other things all on connected machines, with a single command.

Authentication Failures: Definition, Consequences, and Prevention

Authentication is the security process that verifies a user’s identity in order to grant access to their online account. It also functions as the gateway to your product. It’s a workflow you can’t compromise on without risking negative impacts on your users and your company. Fortunately, there are lots of authentication services that can do the heavy lifting for you. It’s important to understand what you can do in case of an authentication failure, when to do it, and why.

Ace your way through painless audits with Kosli's Evidence Vault

Preparing for a software audit can be a time-consuming and painful process where a lot of information needs to be gathered and verified in a provable audit trail. It means tracking down and piecing together evidence for pull requests, test reports, security scans, deployment logs, and more. This information is usually scattered across tools which are typically unsecured and unmanaged, so it can be easily deleted and/or modified.