logo
#

Latest news with #QA

Container Security Testing: QA Strategies For Kubernetes And Beyond
Container Security Testing: QA Strategies For Kubernetes And Beyond

Forbes

time16-07-2025

  • Forbes

Container Security Testing: QA Strategies For Kubernetes And Beyond

Margarita Simonova is the founder of It should come as no surprise that container orchestration platforms like Kubernetes now dominate production environments. Their ability to offer scalability, high availability, standardization, efficiency and automation makes them essential. But with this popularity comes the responsibility of quality assurance (QA) teams to enforce robust security solutions to safeguard these platforms. Securing container platforms involves such activities as scanning images, validating configurations and simulating attacks. In this article, we will take a close look at these practices so we can ensure that our container security is rock solid. Image Scanning The first activity that QA teams can perform is scanning container images for known vulnerabilities. Containers can include a number of weaknesses such as hardcoded credentials, outdated software libraries and packages with known vulnerabilities. Scanning can help weed out these issues before and after the deployment of containers. Image scanning works by first unpacking the images by layers. Then it can inspect files, OS packages and libraries to make matches against the common vulnerabilities and exposures (CVE) database. If vulnerabilities are found, containers can be flagged as not meeting security thresholds. Some popular image-scanning tools include Trivy, Clair and Anchore. With these tools in your CI/CD pipeline, you can automatically detect vulnerabilities. It's important to start scanning as early as possible in the CI/CD process. Integrating security early on in the process is referred to as 'shifting left' and involves starting to scan from base images and any included dependencies. It's also critical to keep scanning even after deployment because new vulnerabilities are always being added to the CVE. With a regular image-scanning schedule and a tool that is continually updated, your container security testing habits will be off to a great start. Validating Configurations In addition to scanning container images for known vulnerabilities, it is also crucial to check for proper configurations. Improperly configured containers can open an organization up to a wide range of issues. First of all, misconfigurations can lead to security risks, which may result in data leaks. Misconfiguration can also lead to stability issues, such as resource exhaustion that slows or halts a system. One more issue is noncompliance, which can result in failing to comply with standards such as NIST benchmarks. There are several common areas to check for misconfigurations in a containerized environment. First are container-level configurations, such as the use of privileged mode, missing definitions for resource limits, read-only root file systems and hardcoded secrets in ENV variables. At the image level, some configurations to check include whether trusted base images are signed, whether the OS layer is minimal and whether there are no multistage builds or latest tags. Orchestration-level configurations that need to be checked include network policies, namespace isolation and whether audit logging is enabled. One more issue relates to configuring security controls, including whether containers are running as root, whether SSL has been enabled and whether secrets are being properly managed. A good way to address configuration errors is to adopt a declarative policy-as-code (PaC) framework. This means turning policies into a machine-readable format that can be applied during development, deployment and runtime. PaC can enforce consistency, transparency and the auditability of policies. Two popular PaC tools are Open Policy Agent and Kyverno. These tools help enforce best practices, such as using non-root containers, following the principle of least privilege, checking for network segmentation and failing builds that violate policies. Simulating Attacks Penetration testing (pentesting) for container orchestration goes beyond just scanning for vulnerabilities; it actually simulates an attack by exploiting found vulnerabilities. This type of invasive test is useful because it uncovers critical weaknesses that may have slipped through an organization's other controls. It also lets a container administrator see how their entire ecosystem is viewed externally from the viewpoint of an attacker. That includes any reconnaissance an attacker would perform through open-source intelligence or direct social engineering simulations on employees. When pentesting container orchestration, some Kubernetes-specific issues need to be looked out for. To start, misconfigured role-based access control (RBAC) and authentication can be a big issue. Pentesting can try to enumerate service accounts and roles, check for over-privileged cluster-admin access, exploit the impersonate verb on roles and attempt token theft. Another issue is API server exposure. To address this, pentesting can check for open authentication endpoints or try to bypass namespace boundaries. One more big threat is insecure etcd access because the entire Kubernetes cluster state is stored there, including secrets. Pentesting can try such actions as getting into etcd without authentication, attempting to extract secrets and trying to perform write operations. A pentest will further attempt to gain persistent access to a network once it has found a vulnerability to exploit. When performed by a professional third-party organization, a comprehensive report will be given at the end that offers advice on patching the container orchestration and often includes follow-up tests that can be performed once recommended actions have been taken. Why It's Timely With 90% of organizations running containerized workloads by 2025 and supply-chain attacks on the rise, QA teams need specialized container security testing to prevent breaches and ensure compliance. The threat landscape is only growing larger as attackers use more sophisticated tools and artificial intelligence (AI) to become even more dangerous. Organizations will need to step up their game to always stay one move ahead of threat actors. This will involve thorough testing and using even more sophisticated tools than attackers have access to. This will be especially important for organizations that operate in industries with strict regulatory and compliance pressures. Conclusion By paying attention to the aspects of container security covered here (image scanning, validating configurations, simulating attacks), QA teams can be assured that they are following best practices to keep container orchestration as secure as possible. So, let's take a proactive approach to security and follow these guidelines to keep our container orchestration operating smoothly and without interference from threats. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Good business under pressure: Why quality must always matter
Good business under pressure: Why quality must always matter

Fast Company

time10-07-2025

  • Business
  • Fast Company

Good business under pressure: Why quality must always matter

Economic uncertainty is nothing new, but for manufacturers, the stakes are amplified by the sheer complexity of producing goods, sourcing materials, managing supply chains, and maintaining competitive cost structures. Whether it's tariffs and trade policy, changing regulatory requirements, or new geopolitical tensions, external conditions can shift suddenly, making an already intricate business even harder to navigate. In these moments, organizations often look inward to control what they can. Budgets are scrutinized. Processes are streamlined. Resources are reallocated. But one thing that should never be compromised—no matter the pressure—is quality. When margins are tight and uncertainty looms, the cost of poor quality can be particularly damaging. Quality lapses—such as product defects, process inefficiencies, or material waste—don't just impact production numbers. They can compromise safety, risk non-compliance, erode customer trust, and cause lasting damage to a brand's reputation. In highly regulated sectors like pharmaceuticals, food and beverage, and consumer goods, poor quality can mean more than lost profits—it can mean safety violations, recalls, or even threats to public health. When businesses respond to external stress by cutting corners, the hidden costs compound quickly. QUALITY IS A SHARED RESPONSIBILITY Manufacturing companies that take quality seriously know it's not the responsibility of a single team. While quality assurance (QA) and quality control (QC) are essential functions, real operational excellence is achieved when quality becomes part of the organizational DNA. Everyone—from IT and engineering to operations, procurement, and frontline supervisors—has a role to play in maintaining and improving quality. Problems don't always originate where they're detected. The right quality mindset enables companies to trace issues to their root causes and solve them systemically. But a shared commitment to quality doesn't happen automatically. It requires leadership to create a culture of continuous improvement—one that rewards attention to detail, values learning, and ensures teams have the right tools and processes to prevent problems before they escalate. BUILD STRATEGY AROUND OUTCOMES A common pitfall in quality management is letting tools drive the strategy, rather than defining business outcomes first. With so many models and technologies available—statistical process control, digital quality management systems (QMS), MES-integrated quality workflows—it's easy to become enamored with capabilities before clarifying what you're trying to achieve. Instead, manufacturers should first define their desired outcomes. Are you trying to reduce rework? Improve yield? Ensure regulatory compliance? Reduce material waste? Improve customer satisfaction? When goals are clearly articulated, it becomes easier to evaluate which tools and approaches will best support those goals. It also keeps organizations grounded in practical value, minimizing the risk of implementing overly complex or poorly adopted systems that solve the wrong problem. PROCESSES FIRST, THEN TOOLS Technology plays a critical role in modern quality management, but it's only as effective as the processes and expectations around it. Without clearly defined workflows and accountability structures, even the most advanced quality system will fall short. The goal should be to combine strong processes with enabling technologies—such as real-time monitoring, integrated traceability, and exception-based alerts—so that teams can detect and correct quality issues before they result in downstream impact. Technology should augment human decision-making, not replace it. For example, visual inspections on the shop floor can be enhanced with automated data capture, predictive alerts, and trend analysis. When teams have better context, they make better decisions. But that requires both the data and the discipline to act on it consistently. CONSISTENCY BUILDS CONFIDENCE When quality is well managed, the benefits are tangible. Manufacturing becomes more predictable. Resources are used more effectively. Operators and engineers gain confidence in their systems, reducing stress and improving morale. That confidence extends to customers as well. In competitive markets, reputation matters, and consistent quality is one of the clearest signals of operational excellence. Conversely, when products fail to meet expectations, trust erodes quickly. The right quality program also improves resilience. Manufacturers can't control macroeconomic or geopolitical disruptions, but they can ensure that the parts of the business they do control—like execution, output, and compliance—are operating at their best. CONTINUOUS, NOT STATIC Too often, quality management is treated as a compliance box to check or a one-time project. But like safety and innovation, quality must be continuously pursued. Processes should be evaluated regularly. KPIs should evolve with the business. Teams should be encouraged to identify inefficiencies and share solutions. Manufacturers that do this well don't see quality as a defensive measure—they see it as a competitive differentiator. It enables them to scale efficiently, launch products faster, and reduce total cost of ownership across their operations. The manufacturing world will always face external pressure—from new regulations to cost fluctuations to customer demands. But quality is one of the few levers leaders can fully control. Investing in quality, even under pressure, is not about perfection; it's about preparedness. It's a mindset that says: 'No matter what happens around us, we will not compromise on what we can do best.'

Peak Claims Group Launches Internal AI-Powered Flood Support App to Enhance Adjuster Accuracy and Compliance
Peak Claims Group Launches Internal AI-Powered Flood Support App to Enhance Adjuster Accuracy and Compliance

Business Wire

time09-07-2025

  • Business
  • Business Wire

Peak Claims Group Launches Internal AI-Powered Flood Support App to Enhance Adjuster Accuracy and Compliance

MOBILE, Ala.--(BUSINESS WIRE)--Peak Claims Group, Inc., has officially implemented its Flood Support App across internal teams, including Field Adjusters, QA, and Management. This tool, developed and trained over 24 months, is designed to assist with real-time decision-making during the handling of NFIP flood claims. The Flood Support App uses a custom-trained AI model to help adjusters confidently navigate the strict guidelines imposed by the National Flood Insurance Program (NFIP). The app provides 24/7 scenario-based support, helping reduce documentation errors, improve file accuracy, and shorten cycle times. Closing the Gaps in NFIP Claims Handling Flood claims under the NFIP are fraught with challenges: Detailed Proof of Loss submissions must be timely, complete, and policy compliant. Adjusters must interpret Flood Insurance Policy language precisely. Policies often exclude common perils or contain nuanced ICC and building code provisions. Private insurers administering these policies must comply with federal FEMA time standards without fear of bad faith litigation, placing the compliance burden heavily on the adjuster. FEMA has repeatedly flagged quality control failures and documentation inconsistencies in prior catastrophe reviews. Peak's Flood Support App was developed to reduce these issues before they arise. A Tool Purpose-Built Our field adjusters, QA and management now have: Instant access to guidance on Proof of Loss and policy interpretations to ensure adherence to the NFIP Claims Manual. Step-by-step workflows for Loss Avoidance Measures and ICC provisions. Real-time insight into advance payment thresholds and documentation requirements. QA checklists integrated with FEMA's RCQC and Operation Review standards to reduce audit flags. 'Our team spent two years training this model on real NFIP scenarios, with input from experienced federal and private-sector professionals,' said Justin Cook, COO at Peak Claims Group. 'It's a behind-the-scenes tool that sharpens our execution, minimizes human error, and ultimately leads to a better experience for policy holders.' Built for Accuracy. Designed for Speed. By giving field adjusters and QA reviewers direct access to expert-level decision support, the app improves file turnaround and reduces the need for rework and supplemental claims. The result: consistent compliance with SFIP regulations and NFIP published guidance, improved trust with carrier partners, and fewer escalations. Want to Learn More? While this tool was built for Peak Claims Group's internal use, we welcome conversations with IA firm peers, insurers and industry partners interested in seeing how it works.

QA resumes Malta operations with four weekly flights
QA resumes Malta operations with four weekly flights

Qatar Tribune

time02-07-2025

  • Business
  • Qatar Tribune

QA resumes Malta operations with four weekly flights

Tribune News Network DOHA Qatar Airways (QA) on Wednesday resumed operations in Malta with four non-stop flights a week between Hamad International Airport (DOH) and Malta International Airport (MLA). The latest addition to the airline's network in Europe affirms its commitment to maintaining global connectivity. Malta is home to Valletta, its capital city declared a UNESCO World Heritage Site, and Mdina, its old capital with more than 4,000 years of history. With 300 days of sun, the country invites travellers to explore its sun-drenched coasts, rich history, and cultural experiences. Qatar Airways Chief Commercial Officer Thierry Antinori said, 'Qatar Airways remains at the forefront of supporting global connectivity with its resumption of operations in Malta. As the only airline in the Middle East with non-stop services to and from Malta, we deliver convenient travel experiences to our passengers who seek to enjoy the vibrant nature of Malta and its landscape. We welcome global travellers to travel seamlessly and conveniently with the World's Best Airline, through its home and hub, the award-winning Hamad International Airport.' Malta International Airport CEO Alan Borg said, 'The return of Qatar Airways as one of our airline partners is a welcome addition to our schedule, contributing to our efforts to expand our connectivity. A testament to our industry's resilience, we remain committed to facilitating the airline in increasing its operational growth in the region.' Malta Tourism Authority CEO Carlo Micallef said, 'We welcome the resumption of the Qatar Airways direct service between Doha and Malta. Qatar Airways' return signifies a strong recognition of Malta's tourism potential. The new schedule will strengthen Malta's connectivity with a variety of attractive and lucrative tourism source markets, and the Malta Tourism Authority remains fully committed to working in partnership with the airline to maximise business opportunities for Malta while ensuring the route's sustained long-term success.' QA flight to Malta (MLA) Departing every Wednesday and Friday:  Doha (DOH) to Malta (MLA) – Flight QR381: Departure 02:05; Arrival 06:45  Malta (MLA) to Doha (DOH) – Flight QR382: Departure 10:15; Arrival 16:20 Departing every Monday and Saturday:  Doha (DOH) to Malta (MLA) – Flight QR383: Departure 08:45; Arrival 13:25  Malta (MLA) to Doha (DOH) – Flight QR384: Departure 17:05; Arrival 23:10

QA and Kenya Airways ink strategic partnership deal
QA and Kenya Airways ink strategic partnership deal

Qatar Tribune

time01-07-2025

  • Business
  • Qatar Tribune

QA and Kenya Airways ink strategic partnership deal

Tribune News Network DOHA Qatar Airways (QA) and Kenya Airways have signed a Memorandum of Understanding (MoU), confirming the intention to enter a strategic partnership which will include a comprehensive codeshare agreement and increased flights between the East African state and QA's award-winning Doha hub, Hamad International Airport. The MoU signing took place on Monday in Doha between Qatar Airways Group Chief Executive Officer, Engr. Badr Mohammed Al-Meer and Kenya Airways Group Managing Director and CEO, Allan Kilavuka. The partnership will see Qatar Airways introducing a third daily frequency between Doha and Nairobi in codeshare with Kenya Airways, with flights due to be available for booking over the coming days. The new offering will be complemented by the launch of Kenya Airways operated, and Qatar Airways marketed, flights between Mombasa and Doha during the coming winter season. The two airlines will also codeshare on both networks to offer seamless connections and greater choice for travellers from around the world. Additionally, both Qatar Airways and Kenya Airways will look to develop collaboration in other parts of the business, including cargo, airport and ground services, product development, loyalty programmes, procurement as well as maintenance, repair and overhaul. Engr. Badr Mohammed Al-Meer said: 'This partnership is yet another demonstration of our deepening ties with the African region. Today's agreement – which comes as we celebrate 20 years of flying to Kenya – is coupled with our recognisable record of partnerships across the continent, most recently through our investment in Airlink. Our growing collaboration with our African counterparts ensures that Qatar Airways continues to contribute to the continent's rapidly evolving aviation and economic ecosystem.' Allan Kilavuka, said: 'This partnership perfectly aligns with our airline's robust turnaround strategy, which saw Kenya Airways' return to profit for the first time in more than a decade earlier this year. The collaboration will also help expedite Kenya Airways' efforts to boost tourism and air cargo activities, turning these and others into pivotal economic growth propellers for Kenya and the East Africa region.' The partnership highlights two leading airlines collaborating to bring excellence to their global community of travellers. Kenya Airways, for the fourth consecutive year, has been recognised as Africa's Leading Airline and Business Class by the World Travel Awards 2025. Qatar Airways – the only five-star global airline based in the Middle East and the reigning World's Best Airline as voted by Skytrax in 2025 – offers over 170 weekly flights to 30 cities across Africa. Over the past year, Qatar Airways has also optimised its schedule in most African destinations to improve connectivity to key destinations, including Brussels, Guangzhou, London, New York, and Washington through its award-winning hub, Hamad International Airport.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store