Recently I had to scan some Dockerfiles to identify potential security issues. In this case I wanted to use an automatic scanner. Automatic scanners have the problems we know about false positives and false negatives, but depending on the kind of work you want to do and the depth you need, they have a good benefit/effort ratio.
- The value of a pentest
- Off the top of my head: Is availability really a cybersecurity pillar?
- Off the top of my head: About having everything green in Qualys
- Information security requirements on the US “Executive Order on Improving the Nation’s Cybersecurity”
- How to find OpenSSL in our infrastructure