Jit

Tel Aviv, Israel
2021
  |  By David Melamed
As cybersecurity becomes increasingly important in software development, the “shift left” security approach is widely recognized as a best practice for ensuring superior application security. Numerous traditional security firms are introducing shift-left products and capabilities, and the concept is gaining traction. However, some open source application security tools are more developer-friendly than others.
  |  By Moshiko Lev
Cloud workloads continue to grow as new digital innovations arise monthly in the worlds of IoT applications, cloud services, and big data analytics. However, the cloud's dynamic and often complex nature can make cloud application security challenging. This gap in cloud security readiness is a growing concern for organizations worldwide, with CISOs feeling the pressure. 61% of CISOs feel unequipped to cope with a targeted attack, and 68% expect such an attack within the following year.
  |  By Moshiko Lev
In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixing vulnerabilities. This dichotomy poses a significant challenge, especially as the number of security vulnerabilities keeps growing. CISA recommends addressing critical issues in less than 15 days, but for many teams that is wishful thinking: they are inundated with an ever-increasing volume of security alerts, making it challenging to prioritize and address each one effectively.
  |  By Aviram Shmueli
Developers are responsible for mitigating web application risk through secure software development. This requires a culture of secure software development, which can be promoted with tactics that engage developers in the security process.
  |  By Liron Biam
Software Composition Analysis (SCA) tools have been around since 2002, and they are now more critical than ever for identifying vulnerabilities in your codebase's libraries, frameworks, and third-party components. According to a Capterra report, 61% of businesses have been affected by a supply chain threat in the last year. If you’re one of the lucky 39%, Capterra suggests it really came down to luck - as nearly all companies use at least one third-party vendor.
  |  By Ariel Beck
In the famous book “Code Complete,” published by Microsoft Press, author Steve McConnell emphasized the importance of writing code for people first and computers second for better code readability. That was in 1993, when cyber attacks were rare. Fast forward to 2023, and we have a greater challenge: writing code to withstand attackers first and serve users second. This challenge is compounded by the rise of cybersecurity incidents caused by security vulnerabilities in code.
  |  By Shlomi Kushchi
The OWASP Top 10 list is the go-to resource for software developers and information security professionals who want to begin understanding application security risk. Most of us don't know we're harboring vulnerabilities in plain sight. During 2020 and 2021, there was an average of 15 vulnerabilities per site, and two of those fifteen were of high severity. To protect against vulnerabilities, you first need to be aware of them. That’s where the OWASP Top 10 list comes in handy.
  |  By David Melamed
By now, you have probably heard about the recently discovered backdoor in the release tarballs of versions 5.6.0 and 5.6.1 of XZ Utils, a popular compression/decompression suite for xz files whose liblzma library is linked into sshd on some Linux distributions, which provides unauthorized remote access under certain conditions. This vulnerability was reported under CVE-2024-3094. Andres Freund, of Microsoft, who discovered the vulnerability, summarized it well.
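The first triage step most teams took for CVE-2024-3094 was simply to ask every host which XZ Utils release it runs. The script below is an added example for this page (not Jit's code and not part of XZ Utils): it parses the first line of `xz --version` output, which the real binary prints as "xz (XZ Utils) <version>", and flags the two backdoored releases. The sample outputs embedded in it are constructed so the check runs offline.

```python
"""Flag the backdoored XZ Utils releases (5.6.0 and 5.6.1, CVE-2024-3094).

Added example for this page, not code from Jit or from the xz project.
Assumption: `xz --version` starts with "xz (XZ Utils) <major>.<minor>.<patch>",
which is what the upstream binary prints. The SAMPLE_* strings are constructed.
"""
import re
import shutil
import subprocess
from typing import Dict, Optional

# The only two upstream releases whose tarballs carried the backdoor.
BACKDOORED_VERSIONS = {"5.6.0", "5.6.1"}

VERSION_RE = re.compile(r"xz \(XZ Utils\) (\d+\.\d+\.\d+)")


def parse_xz_version(version_output: str) -> Optional[str]:
    """Extract the XZ Utils version string from `xz --version` text, or None."""
    match = VERSION_RE.search(version_output)
    return match.group(1) if match else None


def is_backdoored(version_output: str) -> bool:
    """True when the output names one of the two backdoored releases."""
    return parse_xz_version(version_output) in BACKDOORED_VERSIONS


def check_installed_xz() -> Dict[str, object]:
    """Run the real `xz --version` if xz is on PATH and report the result.

    Returns a dict so the caller can feed it to inventory tooling; an absent
    binary is reported rather than treated as an error.
    """
    exe = shutil.which("xz")
    if exe is None:
        return {"installed": False, "version": None, "backdoored": False}
    proc = subprocess.run([exe, "--version"], capture_output=True, text=True, check=False)
    version = parse_xz_version(proc.stdout)
    return {
        "installed": True,
        "version": version,
        "backdoored": version in BACKDOORED_VERSIONS,
    }


# Constructed sample outputs (shape copied from the real binary, values made up).
SAMPLE_CLEAN = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"
SAMPLE_BAD = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("bad", SAMPLE_BAD)):
        print(label, parse_xz_version(sample), "backdoored" if is_backdoored(sample) else "ok")
    print("this host:", check_installed_xz())
```

A matching version is a reason to act, not proof of exposure: the malicious code lived only in the release tarballs, not in the git tree, and it only armed itself under specific build and runtime conditions (notably x86-64 glibc systems where sshd pulls in liblzma through libsystemd). Conversely, a distribution that rebuilt a safe 5.4.x tree may still carry a package version string that mentions 5.6.1, so check what the binary itself reports, as this script does.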
  |  By Liron Biam
We recently wrote about npm audit fix, the repair mode of the excellent npm audit, which has become a fundamental tool for managing software packages in Node.js projects. However, developers working with other languages also require specialized tools for Software Composition Analysis (SCA). At Jit, our tool of choice for SCA scanning across a diversity of programming languages is OSV-Scanner, a best-of-breed open source solution maintained by Google.
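What an SCA scanner such as OSV-Scanner actually does is mechanical: enumerate the exact versions pinned in a lock file, then test each one against advisories whose affected versions are expressed as ranges of "introduced" / "fixed" events. The script below is an added example for this page that reimplements that matching step in miniature; it is not OSV-Scanner's code. It reads the `packages` map of an npm `package-lock.json` (v2/v3 format) and applies OSV-style `ECOSYSTEM` ranges. The lock file and the advisory (package `demo-pad`, id `EXAMPLE-0001`) are constructed and do not refer to any real package or vulnerability.

```python
"""Minimal OSV-style matcher for an npm package-lock.json.

Added example for this page, not OSV-Scanner's code. The lock file and the
advisory below are constructed (fake package, fake id) so it runs offline.
Assumption: versions are plain "major.minor.patch"; pre-release tags are ignored.
"""
import json
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'4.17.20' -> (4, 17, 20); '0' -> (0, 0, 0). Drops '-pre' and '+build' tags."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def lockfile_packages(lock: dict) -> List[Dict[str, str]]:
    """Every installed package in the lock file, including nested copies."""
    found = []
    for path, info in lock.get("packages", {}).items():
        if not path:          # "" is the root project itself, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]   # nested paths end with the real name
        found.append({"name": name, "version": info["version"]})
    return found


def version_affected(version: str, ranges: list) -> bool:
    """Apply OSV 'ECOSYSTEM' ranges: each 'introduced' opens a window that a
    'fixed' (exclusive) or 'last_affected' (inclusive) event closes."""
    v = parse_version(version)
    for rng in ranges:
        if rng.get("type") != "ECOSYSTEM":
            continue
        start = None
        for event in rng["events"]:
            if "introduced" in event:
                start = parse_version(event["introduced"])
            elif "fixed" in event:
                if start is not None and start <= v < parse_version(event["fixed"]):
                    return True
                start = None
            elif "last_affected" in event:
                if start is not None and start <= v <= parse_version(event["last_affected"]):
                    return True
                start = None
        if start is not None and start <= v:   # window never closed: still unfixed
            return True
    return False


def scan(lock: dict, advisories: list) -> List[dict]:
    """Cross every locked package with every advisory for the npm ecosystem."""
    findings = []
    for pkg in lockfile_packages(lock):
        for adv in advisories:
            for affected in adv["affected"]:
                target = affected["package"]
                if target["ecosystem"] != "npm" or target["name"] != pkg["name"]:
                    continue
                if version_affected(pkg["version"], affected.get("ranges", [])):
                    findings.append({"package": pkg["name"], "version": pkg["version"],
                                     "id": adv["id"], "summary": adv["summary"]})
    return findings


# Constructed package-lock.json fragment: one vulnerable copy, one fixed nested copy.
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/demo-pad": {"version": "1.2.0"},
    "node_modules/safe-lib": {"version": "2.0.0"},
    "node_modules/safe-lib/node_modules/demo-pad": {"version": "1.3.1"}
  }
}""")

# Constructed advisory in OSV shape; EXAMPLE-0001 and demo-pad are made up.
SAMPLE_ADVISORIES = [{
    "id": "EXAMPLE-0001",
    "summary": "constructed example: demo-pad mishandles untrusted input",
    "affected": [{
        "package": {"ecosystem": "npm", "name": "demo-pad"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "1.0.0"}, {"fixed": "1.3.0"}]}],
    }],
}]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOCK, SAMPLE_ADVISORIES):
        print(f"{f['id']}: {f['package']}@{f['version']} - {f['summary']}")
```

Two details worth noticing: the nested `safe-lib/node_modules/demo-pad` copy is a separate install with its own version and is checked on its own, and a range whose last event is `introduced` with no `fixed` matches every later version, which is how an unpatched advisory is expressed. In practice you point the real tool at the same file with `osv-scanner --lockfile package-lock.json` and let it fetch the advisories from OSV.dev instead of embedding them.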
  |  By The Jit Team
If over 40 major banks can be the target of JavaScript injection attacks, let’s be honest – so can you. In 2023, a malware campaign using this attack method affected 50,000 user sessions across more than 40 financial institutions worldwide, leaving many dev teams in pure damage-control mode. A large number of professional developers (especially front-end developers) use JavaScript more often than any other programming language.
  |  By Jit
Aviram Shmueli, a cofounder at Jit, provides an overview of DevSecOps and explains its benefits compared to traditional product security practices that rely on surfacing vulnerabilities in production.
  |  By Jit
Aviram Shmueli, a cofounder at Jit, explains some of the common vulnerabilities that can be mitigated with DevSecOps, ranging from coding flaws that expose SQL injection or cross-site scripting vulnerabilities to security issues in your third-party dependencies.
  |  By Jit
Aviram Shmueli, a cofounder at Jit, discusses the importance of integrating DevSecOps into developer tooling like GitHub and Slack.
  |  By Jit
Learn about the DevSecOps metrics you can use to measure the efficiency and effectiveness of your code and cloud security program.
  |  By Jit
Learn how Jit enabled a culture of security at ShopMonkey by integrating scanning into every code change.
  |  By Jit
Learn what ShopMonkey engineers think of Jit.
  |  By Jit
Jit is LIVE with #AWS! Join us for the THIRD and FINAL episode in our series on cloud security! David Melamed, PhD will discuss ‘Protecting a Modern App (part 2) - from AWS deployment to cloud-native vigilance’ on #TheBigDevTheory - hosted by Stuart Clark, and joined by guest Toni de la Fuente.
  |  By Jit
Our CTO, David Melamed, was a rockstar on session two of Jit live with AWS, which streamed on the AWS Twitch channel. David discussed ‘Protecting a Modern App - elevating security by integration in your CI/CD pipeline'. Here is a short recap from the one-hour session highlighting some of the key insights and takeaways from the talk.
  |  By Jit
Chris Koehnecke, our VP Security Engineering & CISO dives into a recap of his talk at BSides Albuquerque. Chris discusses the evolving metrics for velocity + safety. We're pioneering real-time DevSecOps metrics at Jit to enable faster innovation with lower risk.

Jit is the easiest way to secure your code and cloud, providing full application and cloud security coverage in minutes. Tailor a developer security toolchain to your use case and implement it across your repos in a few clicks.

Jit empowers developers to own the security of their code without ever leaving their workflow, prioritizing the alerts that matter. Using your current security toolset with Jit, your devs can deliver secure code faster than ever.

Full Security Coverage in Minutes:

  • Iterative scanning within the PR makes Jit easy to adopt for developers: Fast and automated scanning within GitHub make security checks feel like quality checks, so developers can easily incorporate Jit into their day-to-day.
  • Gamified security tracking per team: Every team can monitor their security score, which is based on open vulnerabilities in their repos.
  • Leverage an open and extensible orchestration framework: Easily plug any tool into Jit’s extensible orchestration framework to unify the execution and interface of any security tool, enabling a more consistent DevSecOps experience.

The easiest way to secure your code and cloud.