In this week’s The Long View: Why Apple services were down, Linux gets a huge RNG overhaul, and we wonder if Okta was hacked again.
Authentication in Serverless Apps—What Are the Options?
Serverless applications are growing in popularity among DevOps engineers. They provide a convenient, predictable way to run simple processes like CI/CD builds or automation scripts with no need to stand up infrastructure. They are also commonly used to deploy microservices. However, serverless applications present unique security challenges, one of them being authentication. How can you […]
Why Was Facebook Vulnerable to an Authentication Exploit?
What Happened: As part of a bug bounty program, the AppSecure cybersecurity research team found a vulnerability in the authentication mechanism of Facebook. It gave them the ability to potentially gain full control of the social media giant’s more than 1 billion users. The team won a $15,000 bounty for its discovery. This vulnerability was […]
Okta Adds Free Developer Edition to AppSec Service
Okta this week lowered the barrier to adoption of DevSecOps best practices by making available an Okta Starter Developer Edition to enable developers to embed Okta authentication, authorization and user management capabilities into applications at no cost for up to 15,000 monthly active users. Randall Degges, head of developer advocacy for Okta, said interest in […]
The Best IAM Practices for DevOps
Through identity and access management (IAM), it is possible to assign policies that determine whether a user and role can access particular services. An IAM system is also supposed to maintain the principle of least privilege (POLP), which grants roles and users permission to access certain resources. As a business […]
Okta Offers PASETO as Alternative to JSON Tokens
Okta today launched an open source library for using Platform-Agnostic Security Tokens (PASETO) as an alternative to JSON Web Tokens (JWT) to authenticate end users. Randall Degges, head of evangelism for Okta, said PASETO is quickly emerging as an easier, more secure implementation of the JWT specification. PASETO is a draft specification created by Scott […]
CNCF Elevates SPIFFE Spec to Secure App Services
The Technical Oversight Committee (TOC) of the Cloud Native Computing Foundation (CNCF) announced that the open source Secure Production Identity Framework For Everyone (SPIFFE) specification and the SPIFFE Runtime Environment (SPIRE) have become incubation-level hosted projects. Andrew Harding, SPIRE maintainer and a principal software engineer at Hewlett Packard Enterprise (HPE), said the elevation of a […]
Conjur up some agile, automated authorization management
One issue that has plagued IT since its inception is adding and removing authorized users. Most network and application security relies on somehow validating credentials to confirm that an individual is authorized to access the resources, but in a rapidly changing environment it is a serious challenge to keep authorization and authentication systems up to […]








