Aqua Blog

Kubernetes Security

CIS Benchmark framework

What’s New in the Docker and Kubernetes CIS Benchmarks

One of the challenges with container security and its standards is keeping current with new releases and products. New versions of the Docker and Kubernetes CIS Benchmarks were released recently to capture changes in the new versions of those projects, both to keep things current and to expand coverage to help …


Improving Your K8s Security: Upgrade Your Clusters and Avoid Exposure

With the move to cloud native development comes potentially increased risk of services that are exposed to the Internet and can easily be discovered by attackers. When combined with the fast pace of change in Kubernetes versions, there’s real risk of being one vulnerability away from a security incident. Recently I …

MITRE ATT&CK Framework

Mapping Risks and Threats in Kubernetes to the MITRE ATT&CK Framework

In April, MITRE published the ATT&CK matrix for Containers covering adversarial techniques that target container technologies. At Aqua, we were proud to support this effort by sharing our knowledge and helping refine and extend the matrix. As for the risks in Kubernetes, Microsoft created a framework for …

Kubernetes Authorization

Improving Your Kubernetes Authorization: Don’t Use system:masters

When you’re operating Kubernetes clusters, an important area of focus is in ensuring your authorization model is correct and provides users with the least privileges needed for them to carry out their roles. As such, blanket cluster-admin privileges should never be used and in particular the in-built system:masters

K8s Secrets

Why You Shouldn’t Use Config Maps to Store Sensitive Data in K8s

One of the challenges of managing containerized environments is how to store sensitive information that’s needed for the operation of the applications running in those environments. Kubernetes provides a built-in secrets object type, but a common comment about them is that, from a technical standpoint, they’re just …

Kubernetes 1.21

Kubernetes Version 1.21: What You Need to Know

As with every new Kubernetes release, there are a great number of new features; however, there are a couple of key changes that could affect security and are worth looking at in more detail. In addition to the deprecation of PodSecurityPolicies, we’ll also look at some newly promoted features being put in …

JDWP Misconfigurations

JDWP Misconfiguration in Container Images and K8s

Java Debug Wire Protocol (JDWP) is a great way to remotely debug applications during development. However, if it is left enabled when shipped to production, hackers can exploit this mistake by running arbitrary code that allows initial access or privilege escalation in your production environment. Using Aqua’s Dynamic …

Starboard integration with Lens Kubernetes IDE

Discover Security Risks with Starboard Extension for Lens Kubernetes IDE

When the Mirantis team announced the Lens Extensions API back in November 2020, we were excited to experiment with it and build an extension for Starboard, our open source Kubernetes native security toolkit. True to DevSecOps principles, the integration makes security reports accessible within Lens IDE, giving you …

Kubernetes Pod Security policy

Kubernetes Pod Security Policy Deprecation: All You Need to Know

To improve your Kubernetes security, you need to control and limit what pods can be created and deployed in your environment. For this, Kubernetes has provided a beta feature called Pod Security Policy (PSP), which soon will be deprecated and replaced with a standard called Pod Security Standards (PSS). In this …

Kubernetes vulnerability scanning

Vulnerability Scanning for Kubernetes Applications: Why and How

If you’re looking to improve the security posture of your Kubernetes applications, you can get a lot of bang for your buck with vulnerability scanning. In this blog, I’ll talk about the fundamentals of scanning container images: how to pick a vulnerability scanner, when to use it in the application pipeline, and …

KubeSec Kubernetes security conference

KubeSec Enterprise Online North America Kicks Off!

Looking for a great start to the year? We got you covered! For the fifth time, Aqua will host the KubeSec Enterprise Summit, an industry event entirely dedicated to the security of cloud native applications. While we’re looking forward to connecting with you all in-person again someday, we are also, as was the case …
