
Latest Blogs

One Veracoder's Tips for Setting Up a Successful Security Champions Program

My name is Seb and I’m an application security (AppSec) engineer, part of the Application Security Consultant (ASC) team here at Veracode. My role is to help remediate flaws at scale and at pace, and to help you get the most out of the Veracode toolset. With a background as an engineering lead, I’ve run AppSec initiatives for government and global retailers. I’ve found that successful AppSec is all about people.

ExpertOps Federal: Managed Services in a FedRAMP Certified Cloud Has Arrived

According to its own website, FedRAMP serves three different types of partners: federal agencies, Cloud Service Providers (CSPs) and third-party assessment organizations. This article focuses on CSPs and how a good CSP can deliver services that yield monetary savings for your agency.

Security Policy Self-Service for Developers and DevOps Teams

In today’s economy, digital assets (applications, data, and processes) determine business success. Cloud-native applications are designed to iterate rapidly, creating rapid time-to-value for businesses. Organizations that are able to rapidly build and deploy their applications have significant competitive advantage.

Massive Trove of Exposed Files Demonstrates Importance of Data Governance

An unsecured AWS S3 bucket with 5.5 million business files was recently discovered by security researchers at vpnMentor. All of these files were publicly available without any password protection or other security protocols attached to them. This kind of thing happens regularly with cloud service providers, and it often occurs when IT teams neglect to set security and compliance rules within their cloud environments.

How to Pass an IT Compliance Audit

IT compliance requirements are designed to help companies enhance their cybersecurity and integrate top-level protection into their workflows. But passing an IT security audit can be challenging. Complex requirements, constant changes in standards, laws and audit processes, and a high number of required security procedures are the key challenges of maintaining compliance. The way out is careful preparation and smart planning.

Cyber Security for Chemical Industry

Physical or cyber, security is one of the most essential concerns for the chemical industry. In this article, we will take a closer look at the cybersecurity requirements. Keep reading to learn more! With advances in technology and the Internet of Things, most processes related to the production, shipment and storage of chemicals rely heavily on automation and cyber solutions.

Security risk assessments explained

This blog was written by a third-party author. A security risk assessment is a formal method for evaluating an organization's cybersecurity risk posture. Comprehensive security risk assessments take stock of business objectives, existing security controls, and the risk environment in which the business operates. When done well, the assessment identifies security gaps in existing controls as compared with industry best practices.

Undetected e.05: Cecilia Wik - A Lawyer's Take on Hacking

When is hacking legal? Host and security researcher Laura Kankaala delves into this topic with guest and Detectify General Counsel Cecilia Wik. NOTE: this episode does not give any official legal advice, but Laura picks Cecilia’s brain about the legalities of hacking with her area of expertise, the law. Their discussion covers different laws concerning the information security community such as copyright law, the Computer Fraud and Abuse Act and Wire Fraud Act.

GCP OAuth Token Hijacking in Google Cloud-Part 2

Imagine you’ve protected your production Google Cloud environment from compromised credentials, using MFA and a hardware security key. However, you find that your GCP environment has been breached through the hijacking of OAuth session tokens cached by gcloud access. Tokens were exfiltrated and used to invoke API calls from another host. The tokens were refreshed by the attacker and did not require MFA. Detecting the breach via Stackdriver was confusing, slowing incident response.

IoT Devices in Different Industries and How to Secure Them

Today, data analytics, automation, connectivity, and remote monitoring have made great progress and have brought innovations to every sphere of modern civilization. The digitization of day-to-day human activities has been revolutionized by the Internet of Things (IoT). Based on Gartner’s Forecast database, we can expect approximately 14 billion devices to be connected to the internet by 2022. The growing number of connected devices will change the way we do business and use resources.