Save Joern — Open Source at ShiftLeft

TL;DR: We want the technology developed at ShiftLeft to benefit open security projects and the security research community as much as possible. Therefore, we are planning to open-source our semantic code property graph and its query language in the com…

Adventures in Data Visualization (Part 2)

Massaging data to make it actionable
In this multi-part data visualization design series, we’re exploring the concepts upon which we’ve built our user experience at ShiftLeft. In our product, we manage lots of application data, so …

Efficiently Testing Pipelined Microservices

Behind the magically populating dashboards of ShiftLeft lies a complex web of services. We have the state-of-the-art code property graph generation and querying systems that run on each incoming code artifact, squeeze the security DNA from it and use…

ShiftLeft: Fully automated runtime security solution for cloud applications

When talking about data loss prevention, the first thing that comes to mind are solutions aimed at stopping users from moving sensitive documents/data out of a network. But there is a different type of data loss that app developers should be conscious …

OffensiveCon 2018: Building a Zero-Day Machine

Fabian Yamaguchi, Niko Schmidt & Marco Bartoli of ShiftLeft recently presented on our efforts to build a zero-day vulnerability machine at OffensiveCon. You can watch their presentation below.
FIELD REPORT ON A ZERO-DAY MACHINE
Make no mistake…

Your App is Leaking Data, It's Just a Question of How Badly

If data leakage isn’t the fastest growing problem in AppSec, I don’t know what is. In our experience, 100% of customer environments are leaking data. The adoption of microservices, combined with increasingly shorter development cycles, mea…

What the Next Era of Cloud Computing Means for AppSec & the SDLC

Since the 1990s there have been three logical phases of cloud adoption, from pioneering to mass adoption and managing. Effectively, the success of each phase led to the next phase, and we are in the management phase today. However, it’s the prob…

Detecting and Preventing Data Loss Using Semantic Code Property Graphs and Security Profiles

Detecting and preventing data loss is one of the top security concerns today. It’s a concern that has significantly amplified as companies move to trust third parties with their data, especially with increased reliance on cloud computing. To prev…