Akond Rahman

icon indicating an email [email protected]

icon location Dhaka, Bangladesh icon location Security Researcher

Results 5 comments of Akond Rahman

Security Misconfiguration: Use of HTTP Without TLS

We also have noticed an instance of HTTP without TLS/SSL in one of your Kubernetes manifests. The recommended practice is use of secure HTTP for each team's development and production...

Possible security issue: hard-coded password

We will update our scanner. Thanks for the feedback.

Three security smells: use MD5, binding to 0.0.0.0, and empty passwords

I also noticed instances of binding to 0.0.0.0. Binding an address to 0.0.0.0 indicates allowing connections from all IP addresses. I would like to draw attention to these instances. Binding...

Three security smells: use MD5, binding to 0.0.0.0, and empty passwords

Along with the two security smells I also noticed instances of empty passwords. Empty passwords increase the guessability of passwords. The Common Weakness Organization (CWE) identifies use of empty passwords...

Security Misconfiguration: Absent Security Context and Use of HTTP Without TLS

Dear Colleague, We are looking to find ways to help developers find security misconfigurations, i.e., violation of security best practices in Kubernetes manifests. We have noticed an instance of HTTP...