An Optimisation Story: Building a Code Scanner for Large Golang Apps

This post will shed some light on how we were able to optimise one of our frontends, reducing the typical project’s run time by half. We’ll also take a look at some of the pitfalls we encountered and how we can apply our changes to other projects as we…

Progress in Numbers: Our First Customer Report

Having spent 15 years detecting malware — virus, intrusions, worms, nation-state attacks, etc — I learned that much of security is reactive. We let the bad guy shoot first and then try to figure out how we are going to protect ourselves. Software vuln…

DevSecOps Best Practices in Identity and Data Security

Identity and data security is a priority for DevSecOps in the public cloud. Accounts, access, permissions, and privileges have become […]
The post DevSecOps Best Practices in Identity and Data Security appeared first on Sonrai Security.

What is a security champion and do you need one?

The role of security champions in a software development team, and how they help build secure applications
First, what is a security champion?
A security champion is a person in your organization that advocates for security best practices.
They are cr…

Anitian Named a Vendor in Gartner Hype Cycle for Agile and DevOps

Anitian cited as a Sample Vendor in the Continuous Compliance Automation (CCA) category, as DevOps and DevSecOps adoption grows. Link to release via PR Newswire PORTLAND, Oregon — July 20, 2021 — Anitian, the leading cloud application security and comp…

Effective Tools for Software Composition Analysis

Because companies are defined by their customers, we connected with IT Central Station for real user experiences with Sonatype’s Nexus Lifecycle and Nexus Firewall. Our second in the series, we first looked at benefits of data quality to Software …

XStream Vulnerabilities — Detection & Mitigation

Looking at RCEs in the XStream Java Library and How you can prevent them

Introduction
XStream from ThoughtWorks is a simple library to serialize and deserialize objects in XML and JSON format. Compa…

4 Ways to Improve Governance in Product Security

Security is all about closing gaps—between attacker tactics and your defensive capabilities, for instance, or the known and unknown user identities in your cloud infrastructure. An important gap that too many organizations overlook actually starts at …

Accountability Through Reporting: The Path to True DevSecOps

Visibility within an application security (AppSec) program is key to accountability. CISOs and executive leaders can’t expect to hold developers and product lines responsible for security …

What is Application Security Risk?

If you have ever considered how hackers and other cyber attackers on the internet use different paths to harm systems and software, you already know a …
The post What is Application Security Risk? appeared first on ZeroNorth.