Architecturally speaking, cloud-native applications are broken down into smaller components that are highly dynamic, distributed, and ephemeral. Because each of these components is communicating with other components inside or outside the cluster, this architecture introduces new attack vectors that are difficult to protect against using a traditional perimeter-based approach.

Node.js provides a single-threaded JavaScript run-time surface that prevents code from running multiple operations in parallel. If your application typically employs synchronous execution, you may encounter blocks during long-running operations. However, Node.js itself is a multi-threaded application. This is evident when you use one of the standard library’s asynchronous methods to perform I/O operations, such as reading a file or making a network request.

Kenneth Buckler, CASP, is a research analyst of information security/risk and compliance management for Enterprise Management Associates, a technology industry analyst and consulting firm. He has also served in technical hands-on roles across the Federal cyber security space and has published three Cyber Security books. Ken holds multiple technical certifications, including CompTIA’s Advanced Security Practitioner (CASP) certification.

Not all hackers are bad. No, really, it's true! We aren't the biggest fan of people who steal your information for nefarious purposes, but there are a ton of upstanding people out there using hacking skills for good. One such person is Agne Marija Bucyte, a Junior Ethical Hacker at Baltic Amadeus who has decided to turn her hacking skills and computer knowledge into her profession.

We have all heard the terms low-code or no-code being thrown around as buzzwords over the last few years but what does this mean and how is it changing the way businesses and individuals solve problems? I am going to use our product SAML Jackson to explain how low-code solutions are changing the way we build products.

It is easy to think of cybercrime as a phenomenon only impacting the digital space. However, as trends are showing, digital attacks have a very real and very physical impact. According to the FBI, there has been a surge in rental and real estate property scams conducted via digital means, whether that’s the insertion of rogue actors into the property purchase chain, or hijacking of legitimate websites to promote false, money scamming listings.

Welcome to the first post of the malicious software packages series for the DevOps and DevSecOps community. Each Monday, this technical series will focus on various malicious packages and their effects on the software supply chain, all published over the next four weeks. We’ll dive deeper into malicious packages in each post, including Here we go. Let’s discuss malicious software packages in your software supply chain.

Unpatched software vulnerabilities continue to be the most widely used attack vector. There are several factors behind this: SMBs are implementing new software applications in their infrastructure more than ever to simplify business operations and be more efficient. But this reality is changing their organizational landscape, adding more complexity to their security posture.

The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1.1 in April 2018.