Everybody’s talking about securing the DevOps pipeline and shifting security left.. AppSec tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and others that address issues in proprietary software have become staples of the developer’s security toolbox.
Adversaries are moving beyond malware and becoming more sophisticated in their attacks by using legitimate credentials and built-in tools to evade detection by traditional antivirus products. According to the CrowdStrike 2022 Global Threat Report, 62% of detections indexed by the CrowdStrike Security Cloud in Q4 2021 were malware-free.
As developers we all have our morning startup routine: make coffee, check slack/discord/email, read the latest news. One thing I do as part of my daily startup routine is check the Snyk vulnerability database for the latest open source vulnerabilities. It’s been especially interesting to see the types of exploits and vulnerabilities that appear in different ecosystems. For example, since May 2021 I’ve been watching the emergence of vulnerabilities in Tensorflow libraries.
Viruses, worms, ransomware — even the least tech-savvy among us know what these are, and want to avoid them if at all possible. What do they all have in common (besides the fact that they can lock up your devices and attempt to steal your data)? They all fall under the malware umbrella.
Many low-code applications are built for the purpose of moving data from one place to another usually as a result of some external trigger, such as the arrival of a new email message. In the case of an email-triggering low-code application, if low-code security best practices are not strictly followed, attackers may abuse the application to set rogue automated email forwarding rules, which can be used to steal data, impersonate as corporate users and mount phishing campaigns.
It's somehow fitting that Groundhog Day and tax scam season overlap. Much like the 1993 Bill Murray film where he repeatedly experienced the same day, tax season scammers come out of their hole every year at the same time and tend to use the same attack methods against organizations and regular taxpayers. These scammers stick to these tried-and-true methods because they still work.
Authentication, authorization, and accounting, often called AAA or Triple-A, are sets of services and protocols that enable granular access control over computer networks. Before the popularity of mainstream HTTP-based authentication protocols such as OAuth and SAML, AAA protocols were the primary way to authenticate users or machines to network services.
Digital transformation has forever changed the way healthcare organizations deliver care. By pivoting to cloud based platforms, health systems can liberate data from silos and connect it in ways that enable them to gain insights, take action and collaborate across a patient’s care journey.
No one doubts the importance of cybersecurity in web development — and yet, often in the development cycle, we neglect to prioritize it across each sprint and into the final product. Making cybersecurity a priority throughout every development sprint cycle is necessary to combat the tide of digital attacks threatening the modern web. But how can you ensure your focus on cybersecurity throughout development?
One very predictable part of cybersecurity is that the work is unpredictable. here are routines that help to create a predictable rhythm, but you don’t necessarily know when the next attack will come, how intense it will be when it does, or when you will get to go back to a predictable and hopefully manageable rhythm again.
