Koby Meir

Find me on:

Recent Posts

Why you Should Secure your Test Environments

Posted by Koby Meir on September 24, 2020 4:32:26 AM EDT

While test environments are a vital part of the deployment process, when it comes to security they are not treated equally. The need to secure your production environment is a given but unfortunately, test environments often suffer from low to no security and in some cases are unnecessarily exposed to the web.

A typical deployment pipeline includes three non-production test environments each serving its own purpose.

Development: This is where the initial magic happens. It is the workspace in which developers can deploy and test code and make frequent changes per need.

QA (also referred to as Testing): In this test environment, testers focus on bug fixes and on ensuring that each component in the application is working properly.

Staging: This environment is used for the final stages of testing before the release to production. Out of all the test environments, staging typically mimics the production environment and oftentimes, real data is used in order to ensure the application is reliable and will not fail in production.

Such test environments may contain source code of future features that are not yet meant to be publicly available. In addition, they often include real production data and API keys. Such exposed test environments pose weak entry points into internal networks and can lead to data exposure and leaks.

In addition to potential leaks, since most test environments are not regularly monitored, attackers could "practice" their exploits on exposed staging environments until they are ready and able to take down your live application in one shot.

Every week, Reposify’s attack surface management platform discovers millions of exposed test environments including development, QA and staging environments which were left unprotected and can be easily accessed online and exploited by attackers.

Read More

Topics: Attack Surface, test environments

“If I Can't See it it Doesn't Exist” - The blind spots in Your IT Security Risk Assessment

Posted by Koby Meir on April 21, 2020 1:29:31 PM EDT

Cyber security risk assessment is a fundamental building block in any cyber security program. It enables you to identify all the potential risks and security issues that your organization might face and ensure the right policies and tools are put in place to improve your overall security posture.

Read More

Topics: "IT Security Audits", "Attack Surface Management", "Security Risk Assessment"

Reaper – is your network secured against this new IoT botnet?

Posted by Koby Meir on October 20, 2017 12:00:00 AM EDT
One year ago, an army of devices infected with Mirai malware amassed into a botnet that caused some of the largest DDoS attacks to date. The attacks targeted, among others, the major DNS provider Dyn and the website of Brian Krebs, a well-known investigative reporter who covers information security and cyber crime.
Read More

Topics: "Respoify IoT Scanner", "botnet"