What AppSec Can Learn From Developers’ Feature Bug Workflows

To scale application security (AppSec) to the pace of software feature development, AppSec must engage developers with new workflows that balance security and productivity. To meet this challenge, today we are announcing new …

ShiftLeft Raises $20 Million in Series B Funding

Today we are thrilled to announce a new $20M round of Series B funding. Thomvest Ventures led the round and was joined by new investor SineWave Ventures. Our existing investors, Bain Capital Ventures and Mayfield Ventures, also participated in the Ser…

The Need for Real-World Runtime Protection Benchmarking

First-principles thinking is one of the best ways to reverse-engineer complicated problems and unleash creative possibility. Sometimes called “reasoning from first principles,” the idea is to break down complicated problems into basic eleme…

Deserialization Vulnerability Confirmed in Nexmo 3.4.0 SDK

Nexmo has confirmed that their 3.4.0 SDK contained the jackson-databind deserialization vulnerability that we announced earlier this week as widespread amongst SaaS SDKs.
The deserialization vulnerability can be escalated into remote code execution (RCE) by tr…
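The excerpt names the bug class but the page shows neither the Nexmo SDK's code nor the escalation steps. The following is an added example, not code from the post or from Nexmo, that shows the root-cause pattern behind jackson-databind deserialization RCE: an `ObjectMapper` with default typing enabled instantiates whatever class the incoming JSON names, so an `Object`-typed field becomes an attacker-controlled class-loading primitive. It contrasts that weak configuration with a mapper that leaves polymorphic typing off and one that allow-lists an assumed package prefix (`com.example.sdk.model.`). The `Envelope` model and the sample JSON are constructed for illustration; the code assumes jackson-databind 2.10 or later for the `PolymorphicTypeValidator` API.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class JacksonDefaultTypingDemo {

    // Hypothetical SDK-style message model (constructed for this example).
    public static class Envelope {
        public String id;
        public Object payload;   // Object-typed field: the classic default-typing hazard
    }

    /** Weak configuration: trusts any class name supplied in the JSON. */
    public static ObjectMapper weakMapper() {
        ObjectMapper m = new ObjectMapper();
        // Deprecated since 2.10 precisely because it trusts attacker-controlled type names.
        // With this on, JSON like {"payload": ["some.Class", {...}]} makes Jackson
        // instantiate some.Class if it is on the classpath (default typing uses the
        // WRAPPER_ARRAY format: [typeName, value]).
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    /** Hardened configuration: no default typing at all (Jackson's own default). */
    public static ObjectMapper safeMapper() {
        // Object-typed fields deserialize to Map/List/String/Number, never to
        // arbitrary classes, because no type id is ever read from the input.
        return new ObjectMapper();
    }

    /** If polymorphism is genuinely required, restrict type ids to an allow-list. */
    public static ObjectMapper restrictedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.sdk.model.")   // assumed package prefix
                .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the caller chooses the type name inside the payload.
        // A benign JDK class is used here; the point is that the name is attacker-chosen.
        String json = "{\"id\":\"1\",\"payload\":[\"java.util.HashMap\",{\"k\":\"v\"}]}";

        Envelope weak = weakMapper().readValue(json, Envelope.class);
        // The supplied class name was honoured: payload is a java.util.HashMap.
        System.out.println("weak:       payload class = " + weak.payload.getClass().getName());

        // The allow-list rejects java.util.HashMap because it is outside com.example.sdk.model.
        try {
            restrictedMapper().readValue(json, Envelope.class);
            System.out.println("restricted: unexpectedly accepted the type id");
        } catch (JsonMappingException ex) {
            System.out.println("restricted: rejected -> " + ex.getOriginalMessage());
        }

        // With typing off, the two-element array is just a List; no class is resolved.
        Envelope safe = safeMapper().readValue(json, Envelope.class);
        System.out.println("safe:       payload class = " + safe.payload.getClass().getName());
    }
}
```

The practical check for an SDK you depend on is therefore not the jackson-databind version alone but whether any `ObjectMapper` it builds calls `enableDefaultTyping`, `activateDefaultTyping` without a restrictive validator, or annotates a base type with `@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)`, since each of those lets untrusted input pick the class to instantiate.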

OffensiveCon 2018: Building a Zero-Day Machine

Fabian Yamaguchi, Niko Schmidt & Marco Bartoli of ShiftLeft recently presented on our efforts to build a zero-day vulnerability machine at OffensiveCon. You can watch their presentation below.
FIELD REPORT ON A ZERO-DAY MACHINE
Make no mistake…

Your App is Leaking Data, It’s Just a Question of How Badly

If data leakage isn’t the fastest growing problem in AppSec, I don’t know what is. In our experience, 100% of customer environments are leaking data. The adoption of microservices, combined with increasingly shorter development cycles, mea…

What the Next Era of Cloud Computing Means for AppSec & the SDLC

Since the 1990s there have been three logical phases of cloud adoption: pioneering, mass adoption, and management. Effectively, the success of each phase led to the next, and we are in the management phase today. However, it’s the prob…