Knowledge hub

security

ARVOS - Attempted tracing performance improvements

Finding Vulnerabilities using eBPF Probes in Python Using ARVOS

We explored the functionality, accuracy, performance and usability of function call tracing in Python using ARVOS to detect the runtime usage of known vulnerable code. We found that the approach is functional with 100% accuracy, but with an unfortunate 50% decrease in the performance of the traced application.

Operating Secure Kubernetes Platforms: Setting the Scope

Operating secure Kubernetes platforms requires clear boundaries of what is in and out of scope of the team's responsibility. Learn why it's important, how to do it, and the greater context of scope setting.
HOWTO stop running containers as root

HOWTO stop running containers as root

Running containers as root is a bad idea for security. This has been shown time and time again. Hackers find new ways of escaping out…