API Security 101: Broken Function Level Authorization

“Who can do what?” is still the biggest issue facing APIs.
We are increasingly relying on APIs to power our applications. In this API Security 101 series, let’s discuss the security vulnerabilities that affect APIs, what …

Blameless raises $30M to guide companies through their software lifecycle

Blameless’ platform provides the context, guardrails and automated workflows so engineering teams are unified in the way they communicate and interact while building their software systems.

The Software Bill of Materials and Software Development

Building secure software using the Software Bill of Materials
In May 2021, the President released the Executive Order on Improving the Nation’s Cybersecurity (Executive Order). The Software Bill of Materia…

API Security 101: Excessive Data Exposure

Hey, I found your access tokens on your profile page.
You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnera…

Iterative raises $20M for its MLOps platform

Iterative, an open-source startup that is building an enterprise AI platform to help companies operationalize their models, today announced that it has raised a $20 million Series A round led by 468 Capital and Mesosphere co-founder Florian Leibert. Previous investors True Ventures and Afore Capital also participated in this round, which brings the company’s total funding to […]

Closing the Developer Security Skills Gap

How to help devs write code, learn security, and fight attackers
Securing software is friggin complicated.
Supply chain attacks, the OWASP top ten, ransomware, insider attacks, and plain old typos. As software develop…

Beating the OWASP Benchmark

Achieving a best-in-class OWASP Benchmark score with data and information flows
This post is an update to a previous research post authored by ShiftLeft’s Chief Scientist, Fabian Yamaguchi (https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b160…

Beating the OWASP Benchmark

This post is an update to a previous research post authored by ShiftLeft’s Chief Scientist, Fabian Yamaguchi (https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b1601031). In the last article, he evaluated ShiftLeft’s static analysis tool agains…