software engineering – Page 2

SAST vs DAST vs SCA?

Posted on July 28, 2021 by Vickie Li

Do you know the difference? Test yourself in the Secure Developer Challenge.
Photo by JESHOOTS.COM on Unsplash
SAST? DAST? SCA?
What’s up with the acronyms in the security world? In this developer challenge, let’s get to know the types of security tool… Continue reading SAST vs DAST vs SCA?→

API Security 101: Broken Function Level Authorization

Posted on July 27, 2021 by Vickie Li

“Who can do what?” is still the biggest issue facing APIs.
Photo by Kara Eads on Unsplash
We are increasingly relying on APIs to power our applications. In this API Security 101 series, let’s discuss the security vulnerabilities that affect APIs, what … Continue reading API Security 101: Broken Function Level Authorization→

Blameless raises $30M to guide companies through their software lifecycle

Posted on July 27, 2021 by Christine Hall

Blameless’ platform provides the context, guardrails and automated workflows so engineering teams are unified in the way they communicate and interact while building their software systems. Continue reading Blameless raises $30M to guide companies through their software lifecycle→

The Software Bill of Materials and Software Development

Posted on July 26, 2021 by The ShiftLeft Team

Building secure software using the Software Bill of Materials
Photo by Josue Isai Ramos Figueroa on Unsplash
In May 2021, the President released the Executive Order on Improving the Nation’s Cybersecurity (Executive Order). The Software Bill of Materia… Continue reading The Software Bill of Materials and Software Development→

API Security 101: Excessive Data Exposure

Posted on July 13, 2021 by Vickie Li

Hey, I found your access tokens on your profile page.
Photo by Rachel LaBuda on Unsplash
You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnera… Continue reading API Security 101: Excessive Data Exposure→

Iterative raises $20M for its MLOps platform

Posted on June 2, 2021 by Frederic Lardinois

Iterative, an open-source startup that is building an enterprise AI platform to help companies operationalize their models, today announced that it has raised a $20 million Series A round led by 468 Capital and Mesosphere co-founder Florian Leibert. Previous investors True Ventures and Afore Capital also participated in this round, which brings the company’s total funding to […] Continue reading Iterative raises $20M for its MLOps platform→

Not All SpaceX Software Goes To Space

Posted on June 1, 2021 by Roger Cheng

SpaceX has always been willing to break from aerospace tradition if they feel there’s a more pragmatic solution. Today this is most visible in their use of standard construction equipment …read more Continue reading Not All SpaceX Software Goes To Space→

Static Analysis of Python Applications

Posted on May 26, 2021 by Katie Horne

We are pleased to announce that we have updated NG SAST to use the CPG deep analyzer for the analysis of Python applications!
Python applications and the vulnerabilities they contain
As of 2020, Python was the third most popular programming language i… Continue reading Static Analysis of Python Applications→

Closing the Developer Security Skills Gap

Posted on May 25, 2021 by Vickie Li

Photo by Alex Radelich on Unsplash
How to help devs write code, learn security, and fight attackers
Securing software is friggin complicated.
Supply chain attacks, the OWASP top ten, ransomware, insider attacks, and plain old typos. As software develop… Continue reading Closing the Developer Security Skills Gap→

Beating the OWASP Benchmark

Posted on May 20, 2021 by Vickie Li

Achieving a best-in-class OWASP Benchmark score with data and information flows
This post is an update to a previous research post authored by ShiftLeft’s Chief Scientist, Fabian Yamaguchi (https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b160… Continue reading Beating the OWASP Benchmark→