What secrets are your container images hiding?
Amit Chita breaks down container image analysis, which can reduce security scanning time by up to 80% by focusing only on the files that matter.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
December 2024
Find open source vulnerabilities in containers with Black Duck Binary Analysis | Black Duck
Discover how to identify open source components and vulnerabilities in various software binaries including container images, mobile apps, and embedded software with Black Duck Binary Analysis What’s covered?
Track and manage open source risk across your application portfolio with Black Duck SCA | Black Duck
Learn how your security teams can take a proactive approach to managing open-source risk using Black Duck Software Composition Analysis (SCA). Join us as we explore the process of analyzing scan results, addressing new CVEs, and prioritizing remediation efforts. Key Highlights: Discover how Black Duck SCA empowers teams to surface, understand, and prioritize findings efficiently, ensuring software security and compliance.
3 Key Steps to Strengthen Compliance and Risk Management
A robust security strategy is no longer a nice-to-have. It's essential to remain competitive and trustworthy in the market. Security teams are under constant pressure to quickly address vulnerabilities and maintain compliance, all while scaling business operations.
Introducing SBOM support in Polaris | Black Duck
In this video, you will find how easy it is to create a Software Bill of Materials (SBOMs) using Polaris cloud-based AppSec platform. Join us as we demonstrate how your teams can instantly generate an SBOM report in commonly used formats such as SPDX and CycloneDX.
The Startup's Open-Source Guide to Application Security
Security can be a difficult, expensive world to navigate. So we decided to create a comprehensive guide of open-source security tools to cut through the bullsh*t and show what the most critical tools to implement are, what assets you need to protect, and how you can build a long-term security plan using only free and open-source tools.
See how to onboard and scan in minutes with Polaris | Black Duck
Polaris Platform is a cloud-based, user-friendly application security testing tool optimized for DevSecOps. See how you can get onboarded and scanning in minutes.
Resolve Kubernetes Issues Fast + New AWS Monitoring Features! #Kubernetes #CloudSecurity
Tune in to This Month in Datadog to learn about Kubernetes Active Remediation, which enables you to resolve workload issues with contextual next steps, as well as Datadog IaC Security and a trio of new features for monitoring AWS resources.
Automate compliance with SprintoGRC x Aikido
TL;DR We’ve partnered with SprintoGRC, the full-stack security compliance automation platform, to help companies put security on autopilot. Get compliance done 🤝 get back to building.
Rapid Bulk SCM Onboarding Made Easy with Polaris | Black Duck
It is a constant challenge for modern app and DevOps team to onboard and scale AppSec test in today's highly complex and distributed software environment. Ability to automate bulk upload and scanning of an organizations' hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps.
Security's Confidentiality, Integrity and Availability (CIA) Triad - Outdated or Still Relevant?
Are confidentiality, integrity, and availability still enough, or is it time to evolve our thinking? Join Chris Lindsey and a panel of tech leaders from leading enterprises, for a dynamic discussion on the relevance of the CIA Triad in modern security practices. Chapters: CIA Triad Basics and CVSS Scoring (0:00 - 0:55) Expanded Impact Metrics (0:55 - 2:02) Additional Impact Considerations (2:02 - 2:45) Historical Context and Evolution (3:01 - 3:41) Modern Challenges and Limitations (3:41 - 5:21) Risk-Based Prioritization (5:48 - 6:22) Business Communication Value (6:26 - 8:18)
Mend AppSec Platform Deep Dive
Watch Josh Newton demonstrate how the Mend AppSec Platform streamlines security across your codebase and software supply chain. Key Highlights: Intuitive Interface: Experience the ease of navigating the Mend AppSec Platform. Comprehensive Security Coverage: See how the platform addresses a wide range of security vulnerabilities. Seamless Integration: Discover how the platform seamlessly integrates into your existing development workflows. P.S.
Introducing Black Duck Polaris with branching support | Black Duck
Unlock the power of modern app development with the latest Black Duck Polaris Platform feature: Branching support. Developers can now seamlessly scan multiple branches, identify vulnerabilities, and eliminate any critical blind spot early in the development and DevOps process. Branching support provides more transparency and visibility into scanning activities, allowing more secure code to be developed across organizations.
Emerging Threats in Cybersecurity: Safeguarding Software from Evolving Risks
In the digital-first landscape of today, cybersecurity threats are getting increasingly advanced and widespread, posing serious risks that could have adverse impacts on organizations the world over. Businesses are conducted through complex software systems and are increasingly susceptible to such attacks. Attackers continue refining their phishing scams and advanced persistent threats to exploit new vulnerabilities. Of the many, one such covert threat comprises malicious code, which recently has emerged as a permanent feature that requires proactive ways of lessening its impact.
Meet Intel: Aikido's Open Source threat feed powered by LLMs.
Intel is our open-source security threat feed powered by AI and our in-house research team. Intel monitors and uncovers vulnerabilities in open-source packages before they are disclosed. Many never are.
Top Mobile App Security Standards to Follow in 2025
Mobile app security standards are the foundation of all effective mobile application security programs. They provide a structured framework for developers and security teams to identify, mitigate, and manage security risks throughout the app development lifecycle. The ubiquitous nature of mobile applications has only exacerbated the risk of data exposure and enterprise infiltration as mobile threats become more sophisticated daily.
Web Application Security for DevOps: Anti-CSRF and Cookie SameSite Options
This is a continuation of our series on web application security. If you haven't already read through parts 1 and 2, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: what are request methods, including the POST request method, and how does logging out of a website work when it comes to cookies and session IDs? Let's also tackle the more important issue of how to combat cross-site request forgery (CSRF) attacks.
Application Security 101: A Guide for Developers
Most developers and companies believe their applications to be secure and understand the importance of security. However, year after year, they continue to push vulnerable code into production... In order to avoid these pitfalls and improve the overall security of our applications, we need to understand what application security (or AppSec) is all about. In this video, you will learn what application security is, why it's important and what you can do to keep your applications secure.
Exploring Bug Bounty Programs and Pen Testing with Michael Vance from Navient
Kicking off your hacking journey? Bug bounty programs offer the perfect legal avenue to practice hacking without getting busted! Chapters.
What is code reachability?
Wait – what is code reachability Let's go back to basics with Amit Chita about decluttering your digital closet in a series of short videos about a subject that's too often overlooked.
How ASPM Elevates Security for Today's Cloud Ecosystem
Cloud technology has revolutionized business operations, but the digital transformation required to adopt and scale cloud technology exposes vulnerabilities that traditional cybersecurity approaches struggle to address — often leaving organizations vulnerable to adversaries.
CrowdStrike Named a Leader in 2024 Frost Radar for Cloud-Native Application Protection Platforms
Frost & Sullivan has recognized CrowdStrike as a leader in its Frost Radar for Cloud-Native Application Protection Platforms (CNAPP) for the third consecutive year. CrowdStrike Falcon Cloud Security continues to set the standard for securing hybrid and multi-cloud environments, as evidenced by our placement at the forefront of both the Innovation Index and Growth Index.
Seven steps to close coverage gaps with ASPM
The old adage “knowledge is power” holds especially true in the realm of AppSec. By remaining aware of the potential threats to applications and closing gaps in coverage, AppSec teams can demonstrate to leaders that they are in a solid position to protect vital assets. However, visibility is riddled with challenges, not the least of which are highly productive developers racing to market, often using AI-generated code that contains potential security issues.
Launching Aikido for Cursor AI
Cursor AI has quickly become the hot AI code editor, rapidly gaining popularity with developers looking to write code faster and more efficiently. But while Cursor accelerates coding, how can devs trust that Gen AI code is secure?
Automatic dependency updates have never been easier
Implementing Mend Renovate Enterprise has never been easier: 24/7 support, dedicated team guidance, and additional features for increased productivity. Book a time with a product specialist to learn more.