Open-source project security testing focuses on many components, ensuring there are no security vulnerabilities. These components include physical security, workflow, wireless security, and human security testing. Developers should effectively manage risks that may cause vulnerabilities. Automation testing on Linux allows repeatability, compliance, and application interaction.

This guide helps development teams set up automated security testing on Linux. It guides teams in preparing the testing environment, securing it, and engaging in various testing methods. The article covers open-source applications, best practices, and open-source community engagement.

The Growing Need for Security in Open-Source Projects

Organizations look forward to completing project development, but ignoring security is risky. Linux security monitoring is useful for resource management and vulnerability protection. These systems have the advantage of a vibrant and supportive community. Such an environment eases the burden, allowing quick vulnerability identification and correction. Organizations nowadays carry out wider scopes and testing types on different scenarios. SAST testing is widely used and has become popular among testing teams and companies. If you are new to testing, your first question may be: what does SAST stand for in this field? SAST stands for Static Application Security Testing. Developers use it to test source code before the application launches. SAST starts soon after the development lifecycle begins and continues until launch. Teams should establish clear evaluation criteria, including language coverage, CI/CD integration, false-positive management, and reporting capabilities, when evaluating SAST solutions within their development environments. Open-source projects are vulnerable because of the large communities connected to them.
Some members might have ill motives and be tempted to compromise the project and endanger users.

Application security automation ensures tests run continuously, keeping the entire Linux environment monitored. Automated security testing allows a wider testing scope and detailed report generation. AI security testing applications allow teams to implement vulnerability, penetration, security, and source code testing. Automation creates a strong covering around the infrastructure, preventing breaches. It saves time and cost, allowing teams to test multiple security aspects simultaneously. Teams reduce deployment time, allowing maintenance tasks to launch and receive feedback. Companies that automate boost testing efficiency and ensure every step portrays professionalism. This approach records fewer errors, allowing teams to cover more areas and boost accuracy.

Key Steps to Implement Automated Security Testing on Linux

The setup process is simple, but teams should understand their goals and approaches. They should identify and agree on top-notch tools applicable to the process. Security should be the foundation of this model but should be based on priorities. Launch web application automated testing immediately after development commences. Let the process run without stopping until the end of the cycle, ensuring safe projects. Take note of these important security application testing steps.

Setup Linux for Security Application Testing Automation

Linux is stable and flexible, allowing multiple software development solutions to be set up. Linux works with various tools, some of which require complex study. Upgrade the operating system to the latest version and understand how Docker works. Set up login permissions and security parameters for the Linux environment. Launch the tools required for security application testing but keep everything under control. Tool choices are extensive and rely on the selections you make as pacesetters.
The list of tools includes the following:

Katalon Studio: An all-in-one automation testing platform for web, API, mobile, and desktop applications, offering a user-friendly interface and robust features.
LambdaTest: A cloud-based cross-browser testing platform that allows users to perform manual and automated testing on a scalable cloud grid.
Travis CI: A continuous integration service that automatically builds and tests code changes, providing immediate feedback to developers.
Appium: An open-source tool for automating native, mobile web, and hybrid applications on iOS and Android platforms.
Robot Framework: A generic open-source automation framework for acceptance testing and robotic process automation (RPA), known for its keyword-driven approach.
Jenkins: An open-source automation server that enables developers to build, test, and deploy applications, facilitating continuous integration and delivery.

How to Use SAST, DAST, and IAST for Open-Source Software Security

SAST uses a static testing approach in which the scripts and the test launch mode remain constant. This method is known as static because it does not require the code to run. DAST is a dynamic method that tests from the front end through predesigned attacks. This method requires the app to run in order to detect and correct weak points. IAST combines several functionalities and identifies weak points across an entire running process. IAST tools interact with the code and list its vulnerabilities in detail. Here are the steps for integrating each of these methods:

Dynamic Application Security Testing (DAST)

DAST works with various suitable tools and preprogrammed test scenarios. These tools are connected to the development environment through APIs. Run the DAST open-source security tool libraries for the entire development phase. You may run it phase by phase through manual processes or automate everything.
Static Application Security Testing (SAST)

The SAST open-source software security testing solution launches several tools in the CI/CD pipeline. Choose the right SAST tool and confirm it supports automated testing and reporting. Create scan scripts that apply the testing algorithms until the software is clean. This method starts soon after the development lifecycle begins.

Interactive Application Security Testing (IAST)

Write the scripts and integrate the software library into the app under development. This tool contains sensor modules that monitor behavior as the app runs. It uses SAST and DAST capabilities to enhance testing and provide better results. Once launched, the method runs continually and slows down processes in the CI/CD task flow.

Top Open-Source Security Tools for Automated Testing

Many people ask, "Is open-source software secure?" The answer is yes. Open-source software provides a strong security infrastructure. Additionally, open-source software security tools provide greater freedom and wider options. There are widely preferred open-source security tools on the market. SAST has a large library of tools with laser-sharp security features. Top among the tools is SonarQube, a platform built for performance and integrity. Codacy reviews code and reports on its strong and weak parts. DAST performs well in the OWASP ZAP and Nikto environments. OWASP ZAP tests web apps for vulnerabilities listed in the OWASP Top 10. Nikto scans servers, files, documents, and software databases for vulnerabilities. IAST provides a hybrid environment that is partly SAST and partly DAST. One of its unique tools is Jtest, which is designed for static tests in a Java programming environment. Contrast Security, a platform that continually tests within the DAST system, is another tool for this test. Select tools based on their scope and built-in security parameters. Understand what your project requires and the challenges you will encounter learning the tool.
Its maintenance needs should not be complicated, and the budget should be modest.

Best Practices for Automated Testing in Open-Source Development

Always create test scripts and modularize them for continuous integration. Ensure the browser and platform are compatible with the testing environment and design your algorithms for automated testing. Create detailed scripts that can be reused throughout the development lifecycle. The testing environment should be secure, allowing you to maintain automated security tests. The online community within the open-source testing environment is important. Engage them to help you boost your security efforts and achieve better results. Data is the key pillar for successful open-source security testing, allowing teams to understand changes. Be keen on data quality, as compromised data will give you wrong ideas. Test the data to ensure it is compliant, but also test the tools to find vulnerabilities. Your current project needs do not compare with previous projects or competitor development needs. Your project is unique and requires carefully designed scripts.

Final Thoughts: Building a Secure Open-Source Future with Automation

Automated testing might look simple, but its impact on software development is huge. It speeds up the entire process and boosts security within the testing pipeline. This method reduces manual intervention by relying on automated scripts for continuous testing. Software developers should consider using these testing methods for a productive workflow. Adopting one or several automated security testing methods creates an environment of efficiency and smooth task flow.

MaK Ulac
Learn about ktest, a tool for making Linux kernel programmers' lives easier by automating certain aspects of Linux kernel testing.

In October 2010, Steven Rostedt announced on the LKML that he was working on a script called ktest.pl to automate certain aspects of Linux kernel testing. The script is aimed at individual kernel programmers testing their patch series, and provides an alternative to the Autotest framework, which is powerful but quite involved for one person to set up. This post will cover ktest's capabilities and requirements, and give concrete examples of how to use it in one specific environment, a single physical machine with a qemu VM run under virsh. The link for this article located at Oracle Linux Blog is no longer available.

LinuxSecurity.com Team
In continuous integration and deployment environments, teams integrate their development work continuously. Automated tests help to identify errors as work is completed, and these automated tests often include code analysis and functional testing.

Dave Wreski
We most often hear of the security breaches due to cross-site scripting and SQL injection attacks after the related vulnerabilities have been successfully exploited. But what could we do to prevent such attacks from occurring in the first place? A comprehensive security program and team will not only provide reactive measures to incidents and exploits, but also actively work with the in-house information systems teams to build in a proactive software security posture. An effective application security program to proactively build secure code for information systems and software relies most often on two types of automated security testing: static security scan testing and dynamic security scan testing. The link for this article located at CSO Online is no longer available.

LinuxSecurity.com Team
Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but is meant specifically for unknown, underspecified, or hard-to-parse data formats (without the need to tokenize and re-serialize data), and for easy integration with external UI automation harnesses. Give this fuzzer a go and let us know what you think! Included in the article is a sample "hello world" script to fuzz "hello world" code, if that makes any sense. Why not check out the article to see what I mean? The link for this article located at Darknet.org is no longer available.

LinuxSecurity.com Team
Web application security is interesting to test, in particular because, unlike most network and operating system testing, most web applications are custom-built. Even when they're not custom-built, there's enough diversity out there that simply looking for known problems isn't good enough. You need to review the application itself.

At one of my previous employers, we had a good system for reviewing all web applications with a couple of commercial scanner tools; applications could not be deployed into production until the results of those scans were acceptable. Application scanners do not, of course, catch everything; there are always esoteric conditions that are easily missed in automated tests. Manual testing has an important place in assessments. Automated testing, though, does have a number of advantages. The link for this article located at Caffinated Security is no longer available.

LinuxSecurity.com Team
The security industry has matured quickly over the past few years, with penetration testing becoming one of the norms for organisations adopting best-practice processes. Loosely defined as the process of actively assessing an organisation's security measures, and completely reliant on consultancy services, security manufacturers have been eager to bridge the gap between product and service and, more importantly, to reap the benefits of additional profits. Not surprisingly, we have seen the emergence of the automated penetration test, with a number of providers springing up to fill the sector. The main advantages cited by these providers are that they are faster and significantly cheaper than traditional security assessments performed by consultants using a range of tools. With such promises, it has been little wonder that the security industry has seen a new trend evolving, and a movement away from the traditional approach to the automated one has become apparent. However, although the benefits sound reasonable enough, it is arguable that those organisations pursuing this fashion have in fact acquired a solution that provides only part of the penetration testing process; they have in truth bought into a false sense of security.
In these times of limited budgets and cost constraints, anything that reduces outlay has been welcomed, but obviously only if it is actually fulfilling the requirement. So when considering the merits of both automated and traditional penetration testing, organisations must begin by considering the range of activities available via either approach. These days, penetration testing (or more accurately, security assessment) covers a range of activities, with the full spectrum of prior knowledge from none (black-box) to complete (white-box) and all the combinations in between. A thorough security assessment also includes elements of architectural review, security policy, firewall rulebase analysis, application testing, and general benchmarking against industry and manufacturer best practice. This will result in a comprehensive report that is tailored to the specific requirements of the organisation that has commissioned the project. The link for this article located at ebcvg.com is no longer available.

Anthony Pell
NetSec Letter #18, 10 April 2002
Using Network VATs for Verification
Fred Avolio, Avolio Consulting, Inc.

As it says in the Bible in Hezekiah 5:10, "The one who sets the plan in motion, but verifies it not, is worse than a fool." Okay, you know that there's no book of Hezekiah in the Bible. But, the statement is accurate, especially as it pertains to verifying the state of our security. And verification does not take an advanced science degree. (After teaching three classes for NASA Kennedy Space Center, I've shied away from saying, "not rocket science.") All it takes is a plan and a tool.

The Importance and Ease of Verifying

Years ago, when I was in the firewalls business, I sent someone on an installation job. The customer was replacing a packet-filtering firewall with our more robust application gateway firewall. Unlike today, when everyone has detailed, specific, up-to-date, and relevant policies, the customer did not have a security policy, besides the Primordial Security Policy (see NetSec Letter #17, 4 March 2002). In the process of gathering firewall-specific policies, the installer asked, "Do you permit outbound FTP requests?" To which he got the reply, "No."
The installer sat down at a screen, typed in the FTP client command "ftp ftp.uu.net" and found indeed they *did* permit it. The written policy or the policy in the administrator's head did not permit it, but the policy as implemented did. All it took to verify the policy was typing that one command. Yes, it is really more involved than that. To be thorough, one would have to test every network port. To do that, you use an automated tool. There are commercial tools such as ISS's Internet Security Scanner and freely available tools like NMAP (https://nmap.org/) and Nessus (https://www.tenable.com/). You aim these scanners at the system or systems you wish to test, and pull the trigger. They automatically scan ports and look for known vulnerabilities. A note of warning: running scanners against systems is considered a hostile act, and in some places is a criminal offense. Don't think of scanning a computer that you don't own, or for which you are not responsible, or that you have not been hired to scan.

Using Nessus

Recently, my company took on the task of assessing the vulnerability of a web server. There is more to a vulnerability assessment than running a scanner and interpreting the results, but this is part of what we did. We used Nessus running on Red Hat Linux and were very happy with the results. First, we started with a plan, and so should you. All I mean by this is, know what you are testing. Know what should be there. If you are testing an FTP server and you find an FTP listener running on port 21, it is not a surprise. If you know you are testing a web server, and you were told that it is only used for web-related services, you should be surprised to find running listeners for SMTP (e-mail) and TELNET (terminal services). Nessus can use NMAP, as well as other tools, for port scanning. It also comes with "plug-ins" -- add-on tools that test and look for known vulnerabilities. There are 900 plug-ins in the database in 22 areas.
It will produce a report, complete with graphs, lists of vulnerabilities found (classifying them as "high," "serious," "medium," and "low"), and explanations of what it found. You may also specify how far Nessus will go in its testing. We set it in "safe" mode. This directs Nessus to not attempt to exploit indicated vulnerabilities. In this installation, Nessus found ports running services we did not expect. The written and verbal information we received did not indicate they should be running. It also found a directory with example CGI scripts -- some exploitable. It reported old, potentially vulnerable versions of software, a potential vulnerability in a particular server, and server banner responses that give out too much information (for example, "220 ProFTPD 1.20pre1 Server"). When the scanning was done, we were not finished. We still had to look at the report to see if it was accurate, and convey to the client what items were really important to deal with immediately, what might be false positives -- with suggestions for "manual" verification steps, and what could be ignored -- and why.

Next Steps

Verifying security is as important as initially planning and implementing it. And verification should be ongoing -- a never-ending process. Our final recommendation to our client was this: "After addressing the concerns herein, scan the site monthly to see if the security posture changes, and account for those changes (or address them)."

Promotions, Self and Otherwise

There are 3 columns I wrote for WatchGuard Technologies I have not mentioned to you before. The first, from their "Foundations" series, is "What Are Intrusion Detection Systems (IDS)?" at WatchGuard LiveSecurity: Foundations: What Are Intrusion Detection Systems? The second is "Security Tokens: Why Aren't You Using Them?" And the third is "Basic IP Router Security," which you can find at WatchGuard LiveSecurity: Editorial: Basic IP Router Security.
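The plan-versus-findings comparison from the "Using Nessus" section above (know what should be listening, then check what the scanner actually found) as an added example; this is not the newsletter's own code or tooling. The expected-service set and the scan text are constructed for the example, with the scan written in nmap's normal-output style rather than taken from a real run.

```python
"""Plan-versus-scan verification: the plan says which services a host should
expose; the scanner says which are actually reachable; the verifier flags
the difference and any banner that discloses a version.
Added example, not from the newsletter; all input below is constructed."""
import re

# The plan: the client says this host is a web server and nothing else
# should be reachable. (Constructed assumption for the example.)
EXPECTED_SERVICES = {("tcp", 80), ("tcp", 443)}

# Constructed sample scanner output; the SMTP and TELNET listeners mirror the
# surprises the newsletter describes. Lines not describing a port are ignored.
SAMPLE_SCAN = """\
Starting Nmap ( constructed sample, not a real run )
PORT     STATE    SERVICE
21/tcp   open     ftp
23/tcp   open     telnet
25/tcp   open     smtp
80/tcp   open     http
443/tcp  open     https
3306/tcp filtered mysql
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_open_ports(scan_text):
    """Return {(proto, port): service} for each line reporting an open port.
    Filtered and closed ports are not listeners and are left out."""
    found = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            found[(m.group(2), int(m.group(1)))] = m.group(4)
    return found


def compare_to_plan(found, expected):
    """Split observed listeners into unexpected ones (the policy as implemented
    is looser than the written policy) and list planned services that were
    not found (either the scan or the plan is wrong; investigate both)."""
    unexpected = {k: v for k, v in found.items() if k not in expected}
    missing = sorted(expected - set(found))
    return unexpected, missing


BANNER_VERSION = re.compile(r"\d+\.\d+[\w.-]*")


def banner_leaks_version(banner):
    """True when a service banner discloses a version string, as in the
    '220 ProFTPD 1.20pre1 Server' response quoted in the newsletter."""
    return BANNER_VERSION.search(banner) is not None


def findings(scan_text, expected):
    """Human-readable list of items the verifier should follow up on."""
    unexpected, missing = compare_to_plan(parse_open_ports(scan_text), expected)
    notes = [f"unexpected listener {port}/{proto} ({svc})"
             for (proto, port), svc in sorted(unexpected.items())]
    notes += [f"planned service {port}/{proto} not reachable"
              for proto, port in missing]
    return notes


if __name__ == "__main__":
    for note in findings(SAMPLE_SCAN, EXPECTED_SERVICES):
        print(note)
```

The filtered MySQL port is deliberately left out of the listener set: a filtered port is evidence of the firewall doing its job, not a service to reconcile against the plan.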
While doing some research for a class I am developing, I came across this short article from *CIO Magazine*: "How to make a firewall sandwich." Ron DuFresne has an interesting paper on his website entitled "Extrusion Detection Systems; the art of network monitoring." You may find it at https://saw.com/buy-domain. May 6 and 7 in Las Vegas, Dave Piscitello, Joel Snyder, and I will again be presenting our two VPN classes, "Introduction to VPNs" and "VPN Design and Deployment." See Frederick M. Avolio - 2005 Speaking and Teaching Calendar for information about these and other courses. On May 30, I'm delivering the 11AM Keynote address at the eSecurity conference. The title is "Network Security: It's Not Just for Security Guys Anymore." I'll also be at CSI's NetSec 2002 in San Francisco in June. I'll deliver a talk on wireless security, another on how to secure your web (or any other) server, and will teach my 2-day "Tools and Techniques" class (Tools and Techniques for the Network Security Practitioner).

Anthony Pell