1 结果
modern teams are going cloud native by moving to microservices based architecture. with the usage of microservices, east-west traffic is growing too. it is critical to secure this lateral traffic to reduce available attack surface in internal systems. moreover, attacks highlighted in owasp top 10 are still relevant for cloud native applications. in addition, some underrated attacks like credential stuffing also need to be taken into account. integrating a security solution into your ci / cd toolchain involves human resource costs. many companies rely on powerful tools like sast, dast and sca. however, these tools partially cover the owasp top 10 and do not ask for precise information from developers to describe an application / api easily. sast gives rise to many false positives and cannot determine new runtime vulnerabilities. dast and sca help spot many vulnerabilities but it can be a nightmare for companies to handle them all. hence, these security testing tools are not sufficient anymore to ensure the security of your applications, especially against zero-day attacks.