Viewing your world through security-colored DevOps glasses

Originally published in Oct 2017, at Onica.com/blog

Complying with minimal regulations or certifications required by governments or customers and creating a wide window of exposure should be the goal for any first-class technology organization.


Capital One data breach: Two security controls you should review

Originally published on August 7, 2019 at Onica.com/blog

On July 19, 2019, Capital One® announced that an attacker gained access to over 100 million American and Canadian customer records containing sensitive data such as social security numbers, names, and dates of birth.


Key management and HSMs for AWS workloads

Managing the cryptography infrastructure required for a project or a company has traditionally been a challenging task, to put it mildly. It requires a highly specialized and rare skillset and poses a substantial technological and legal risk in perhaps the most sensitive areas of your applications.


Introduction to SAP Security Audit Log

This post introduces SAP® Security Audit Log.


Secure Active Directory authentication for WebLogic Server

This post explains how to secure Microsoft® Active Directory® (AD) authentication by using Secure Sockets Layer (SSL).


How to achieve PCI compliance in the public cloud

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized regulation that protects consumer credit card information from theft and disclosure. It applies to all organizations that store, process, or transmit credit card information—even if it’s just a few transactions each year.


Threat Intelligence and security practices in the Oracle Cloud

The Oracle® Cloud Security Practices team, in their own words, “describe how Oracle protects the confidentiality, integrity, and availability of customer data and systems that are hosted in the Oracle Cloud and/or accessed when providing Cloud services. Today, 430,000 customers in 175 countries use Oracle technologies to seize business opportunities and solve real, tangible challenges.


Rackspace Cloud Native Security

In 2009, over 12 million malware infections were reported globally. By 2018, this increased to over 812 million detected threats. The sophistication of these attacks multiplies rapidly, and it is nearly impossible to stay on top of security threats without a dedicated team to manage and operate the effort. Security threats come in many different forms. For example, cybercrime has increased by 600% due to the COVID-19 outbreak. Very few would have predicted a pandemic would open us to more cybercrime.


The SSL and TLS handshake process

This post introduces Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, how these protocols work, and why you might use them.


Hurdles and success criteria of DevSecOps adoption

DevSecOps integrates security practices, principles, tooling, and knowledge into all stages of the software development life cycle within an Agile framework. It aims to enforce security in every stage of the DevOps process, in contrast to the traditional practice, where security assurance is typically performed late in the software delivery life cycle.
