Showing results for tag Security

Improve Application Security and Prevent Data Loss with Gloo API gateway 

Many publicly facing applications are designed to connect businesses with their customers and partner ecosystem to manage their accounts, fulfill purchases and process transactions that use personally identifying and financial information or other sensitive data. With that in mind, we’ll dig into the role of an API gateway to improve security with features to prevent […]

Engineering | April 28, 2020

Gloo Security Update for Envoy Proxy CVE-2020-8659, CVE-2020-8661, CVE-2020-8664, CVE-2020-8660

Yesterday, Envoy Proxy announced versions 1.13.1 and 1.12.3 to address four CVEs ranging in severity from medium to high. Gloo Open Source versions 1.3.11 and 1.2.23 and Gloo Enterprise versions 1.3.0-beta4 and 1.2.10 have been released and include the latest version of Envoy Proxy with the CVEs addressed. We recommend that all end users upgrade to […]

Engineering | March 4, 2020

Custom Auth Plugins for Envoy based API Gateway

At, Gloo is our cloud-native, next-generation API Gateway built on Envoy Proxy and runs natively on Kubernetes (and Consul, and elsewhere). Gloo has been built from its foundations to be extensible and pluggable, from the proxy itself to the control plane. One aspect of extensibility we often hear from our users and customers is […]

Christian Posta | November 5, 2019

Gloo Security Update to Address Envoy Proxy Denial-of-Service CVE

Yesterday, Envoy Proxy announced Envoy version v1.11.2, addressing two CVEs where denial of service by remote attackers is possible through overconsumption of memory and CPU and abnormal process termination of the proxies. Gloo Open Source 0.20.4 and Enterprise 0.20.2 have been released and include the latest version of Envoy with the CVEs addressed. We recommend that […]

Engineering | October 9, 2019

Webinar Recap — Zero Trust Networks for Securing Microservices with API Gateways

This week we hosted our first of two security webinars following the introduction of new product features focused on improving the security posture and reducing the risk exposure of microservices environments. Rick Ducott, our Director of Engineering, spoke this week about how API Gateways can be used in microservices architecture to deploy a zero trust […]

Betty Junod | September 27, 2019

Envoy Proxy as Web Application Firewall (WAF)

Gloo’s custom filter for Envoy enables Web Application Firewall. This blog series “5 Minutes with Gloo” will dig into a single feature, what it is used for and how to use it. In this post, we’ll continue our dive into security by looking at how Gloo API Gateway can be used as a Web Application […]

Engineering | September 5, 2019

Envoy Proxy — high severity vulnerabilities that can lead to exposure of unauthorized services.

Overview: Two vulnerabilities have been discovered in the Envoy proxy that can potentially allow unauthorized access to backend resources. They are classified as of high severity according to the CVSS methodology and immediate action is needed. CVE-2019-9900 (CVSS score 8.3): When parsing HTTP/1.x header values, Envoy 1.9 and before does not reject embedded zero characters (NUL, ASCII […]

Engineering | April 5, 2019

5 minutes with Gloo — OIDC

Configuring Gloo and Envoy to use OIDC (OpenID Connect). In this series of blogs titled ‘5 minutes with Gloo’, we’ll introduce some of the Gloo and Gloo Enterprise functionality in a summarized form. It should only take you 5 minutes to understand the feature we’re presenting, and if you’re willing to try it yourself, it […]

Engineering | March 15, 2019