http://www.eweek.com/security/how-shopify-avoided-a-data-breach-thanks-to-a-bug-bounty
By Sean Michael Kerner
eWEEK.com
December 17, 2018
Breaches occur on an all-too-frequent basis, but what often goes
unreported are the breaches that don't happen, thanks to organizations
taking rapid, proactive measures. One such incident was outlined by
Shopify at KubeCon + CloudNativeCon NA 2018 last week.
Thanks to a bug bounty program and the support of its vendor partner
Google, Shopify was able to avoid a potentially disastrous flaw that could
have enabled an attacker to take over Shopify's Kubernetes cluster.
Shopify provides an e-commerce platform that allows vendors to sell goods
and services. The platform is hosted on the Google Kubernetes Engine
(GKE), which provides a hosted version of the open-source Kubernetes
container orchestration platform.
"If you're not familiar with Shopify, we've got about 600,000 businesses,
so there's a good chance that you've purchased something from us without
even realizing it," Shane Lawrence, security infrastructure engineer at
Shopify, said. "We processed about $26 billion last year, and during peak
hours we get approximately 80,000 requests per second."
Shopify runs entirely on GKE, said Lawrence; the reason his company chose
Kubernetes is to be able to rapidly respond to scaling demands like the
recent Black Friday and Cyber Monday shopping events.
[...]