XStream Vulnerabilities — Detection & Mitigation

Looking at RCEs in the XStream Java Library and How you can prevent them

Introduction
XStream from ThoughtWorks is a simple library to serialize and deserialize objects in XML and JSON format. Compa…

Decouple your ShiftLeft AppSec policies with Open Policy Agent

The inspiration for this blog came from my recent preparation for an office hour on ShiftLeft Build Rules and Policy Language. Please note that this blog is based on my personal experimentation and doesn’t represent any official roadmap/direction of th…

Application Security for builders and creators — part 2

Previously on Application Security for builders and creators — Alice and Bob wanted to build a vaccine passport app with Go micro-services and a React UI. Claire suggests that the team engineer secu…

Application Security for builders and creators

Meet Alice and Bob
Alice and Bob work for an exciting data analytics startup that is disrupting the healthcare tech space. You might have heard their names as they are well known in the security industry for building apps that are secure by design. As …

Security Code Review of a Banking Trojan — Cerberus

Over a year ago, I started hearing about this new Banking Trojan called Cerberus. The author of this malware reportedly used to ridicule security researchers on social media as per thehackernews.com a…

DevOps productivity series — GitHub for DevSecOps

GitHub & DevSecOps Productivity Tips
This article was originally published at ShiftLeft Blog.
My colleague Andrew Fife wrote about our passion to focus on developer experience and productivity with our NextGen Static Analysis platform. Productivity…

Thoughts on the state of enterprise open source

“Open source is bad since it’s full of security vulnerabilities, unmaintained dependencies and poor documentation,” said this security vendor as they began their opening speech before delving into their product that offered open sourc…

(Re)Introduce application security to your team

This blog was originally published at blog.shiftleft.io
Imagine you are a Development Manager or a DevSecOps leader in your organization thinking about AppSec.
Having an open conversation about application security with your team is like having th…

Security Compliance Reports with Scan

Security Compliance Reports with ShiftLeft Scan
This blog was originally published at https://blog.shiftleft.io.
9:00 am — Start of your day
Picture this scenario. You are a Lead DevOps at your company with programming sk…