Security

In my How to Install and Use Starboard to Protect Your Kubernetes Cluster post, I first installed Starboard and reviewed a vulnerability scan report. After reviewing the results, I then tried to action some of the vulnerabilities in my MySQL deployment. In addition to vulnerability scans, Starboard can also conduct configuration audits of your Kubernetes deployment. I wanted to review those next and walk through a Kubernetes audit report action plan. In working through an action plan, you should first address any CRITICAL results. After mitigating those, you would want to work through the HIGH and so forth. ...

In my Securing Your CI/CD Pipeline: A Beginner’s Guide to Implementing Essential Security Measures post, I started to tinker with SecOps a little with Terrascan. I also stumbled upon another tool called Starboard from Aqua security. In this post, I’m going to focus on using Starboard installation and usage as a Kubernetes Operator to see how it works. Getting Started The installation of Starboard seems pretty easy as you can either use kubectl or helm. I decided to go the helm route for my installation. ...

If you take a look at this blog, you’ll see that I’ve begun to tinker with devops quite a bit. If you’ve ever taken the trouble to look me up on LinkedIn, you’ll also see that I’ve had a little history doing security stuff. Given my love of security, the next logical step of my devops journey was to start to look into securing the CI/CD pipeline. My previous posts were some ways that I was able to make my own personal infrastructure easier to maintain while at the same time learning various devops tools. My two previous posts, How to Build a CI/CD Pipeline for Your Database and Automate Your Database Changes with a CI/CD Pipeline, are my attempt at creating a sample pipeline to be used as a basis of my examples. In addition to these articles, I’ve also created some other infrastructure as part of my devops environment. Now let’s secure it! ...

In my Getting Started With a Content Security Policy post, I setup a report only CSP policy so that I could try and identify things that could test out a policy before implementing it. It is time to parse through the results and see what needs to be updated in my deployed policy. The original policy was very simple default-src https Inspecting The Violations I started trying to look at the current violations and I think it was clear that I had a rather permissive Content Security Policy because nothing much was being blocked. ...

I recently needed to setup Content Security Policy (CSP) on a website and I couldn’t think of where to get started. The first question that came to mind was what all content do I allow and how do I test everything without having to look through all of the code on the site. This is where the Content-Security-Policy-Report-Only header can come into play. The short version is that this allows you to create a policy in report only mode and you can collect the results at the endpoint specified via the report-uri directive. That’s great! I have what I need but how do I collect what’s being reported by the clients to the report-uri and what do I use for the report-uri? This was a great place for me to begin testing out DigitalOcean Functions. ...