With a history spanning more than a decade, AWS CloudFormation has been the tool of choice for many organizations moving their cloud deployments from “point and click” configuration and towards managing infrastructure as code (IaC). As a mature technology, CloudFormation has spawned an ecosystem of tools, documentation and examples around the stack — whatever one is trying to accomplish in this space, chances are good they’ll find relevant resources on the topic.

It’s no secret that cloud service providers like AWS, Google Cloud, and Azure give teams incredible power and flexibility when it comes to delivering great solutions and user experiences to a global customer base. Leveraging the power of one or more clouds is often seen as a critical competency for an organization to succeed.

As a cybersecurity organization, Netskope has a responsibility to be transparent about security issues reported in Netskope products and services which might have an impact on Netskope customers or partners. To fulfill this responsibility, Netskope has a smooth, transparent, and industry-standard process under our Product Security Incident Response Team (PSIRT) to disclose the security issues publicly which are reported in Netskope products from various sources.

It’s not your imagination; Zero Trust (ZT) is everywhere these days. Indeed, one study reports that 96% of security decision-makers say ZT is critical to their organization’s success, and another study notes that 51% of business leaders are speeding up their deployment of ZT capabilities. But exactly what is Zero Trust and why is it the top security priority for organizations around the globe?

GraphQL is an API query language developed by Facebook in 2015. Since then, its unique features and capabilities have made it a viable alternative to REST APIs. When it comes to security, GraphQL servers can house several types of misconfigurations that result in data compromise, access control issues, and other high risk vulnerabilities. While security issues with GraphQL are widely known, there’s little information on finding them outside of using dynamic analysis.

JavaScript is a great programming tool, but JavaScript security problems can cause significant damage to organizations and their customers. To help cybersecurity professionals and software developers better understand everything they need to know to improve JavaScript security, we’ve developed a free, comprehensive e-book, The Ultimate Guide to JavaScript Security.

On the heels of our significant growth investment from TA Associates, we are pleased to announce our acquisition of auto-remediation technology from Jaroona. Jaroona’s intelligent remediation technology accelerates Veracode’s vision and strategy to automatically detect and remediate software vulnerabilities. Jaroona was recognized as a Gartner Inc. 2021 Cool Vendor for DevSecOps.

Maintaining cyber resilience across your ecosystem is a significant challenge that must not be brushed aside as the likelihood of experiencing a cyber incident increases year after year. For example, in 2021 alone, there were multiple attacks on Critical National Infrastructure (CNI) such as Colonial Pipeline and against the Oldsmar, Fla. water treatment plant.

Data leaks and breaches lead to business risks such as regulatory fines, brand damage and revenue loss. In order to protect your organization against it, you must implement security policies that describe your data taxonomy as well as the security controls for each category of data. From there, you can uncover and classify data flows across your products, audit security controls, identify gaps with your security policy, and remediate issues.

Last month’s revelation that Okta had been hacked created a seismic impact in the world of security, with organizations still bracing themselves for the fallout from this incident. While resources, like Microsoft’s article on Lapsus$ (tracked as DEV-0537), have broadly dissected the attack vectors used in the group’s attacks, we wanted to expand on the broader trends and context surrounding the Okta hack.