Kondukto

Wilmington, NC, USA
2019
  |  By Andreas Wiese
In the fast-paced field of software development, ensuring applications remain functional and secure through updates is essential. Regression testing, which checks that new code doesn't harm existing features, is key. Dynamic Application Security Testing (DAST) tools play a crucial role here. They identify security flaws in active web applications. This article explores the importance of DAST tools, integration, and enhancement in regression testing.
  |  By Kondukto Security Team
CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.
  |  By Kondukto Security Team
This is an overview of the CVE-2023-40598 vulnerability, which affects Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. We will explain the nature of the vulnerability, how it can be exploited, and how it can be fixed. We will also provide code examples, links to web pages with valuable information, and tips on how to prevent similar vulnerabilities in the future.
  |  By Can Taylan Bilgin
Have you ever thought there could be a smarter way to handle your organization's app security? In this blog post we're going to provide an overview of modern Security Orchestration, show how it fits perfectly with DevSecOps and how to make sure that security is part of your software development lifecycle right from the start.
  |  By Alperen Örsdemir
The Software Bill of Materials (SBOM) has become essential in application security as it provides a comprehensive list of every element within a software build. This is important because vulnerabilities can often emerge in third-party or transitive dependencies, not just in the main code. SBOM is used not only for vulnerability discovery but also to detect and understand open-source license violations in advance.
  |  By Cenk Kalpakoğlu
eBPF, short for Extended Berkeley Packet Filter, is a kernel technology that allows programs to run without requiring changes to the kernel source code or the addition of new modules. eBPF was built on top of the Berkeley Packet Filter (cBPF). Notable milestones in its development include the first in-kernel Linux JIT compiler in April 2011 and the first non-networking use case of the classic Berkeley Packet Filter, seccomp-bpf, appearing in January 2012. It can be used for a variety of purposes.
  |  By Andreas Wiese
As the backbone of modern business operations, applications are frequently targeted by sophisticated malicious threats. In this blog post, we provide a high-level overview of how malicious code can enter your software applications. We look at different forms of malicious code, their entry points, practical tools and strategies for detection & prevention, focusing on innovative solutions.
  |  By Can Taylan Bilgin
Considering the complexity of the modern application stack and developer tooling, ensuring the security of your application throughout its lifecycle can quickly become a daunting task.
  |  By Andreas Wiese
Container security is an increasingly vital aspect of modern software development and deployment. Understanding and implementing effective security measures becomes essential as organizations shift towards containerizing their applications. This article will explore practical insights and strategies for ensuring robust container security. We will delve into some best practices and tools to secure container environments, focusing on securing images and registries, container deployment, runtime security, and more.
  |  By Alperen Örsdemir
During a recent customer engagement, we encountered an interesting situation. The customer had raised concerns about a Java XXE (XML External Entity) vulnerability that had left their developers puzzled. Notably, their Static Application Security Testing (SAST) scans consistently identified this as a potential vulnerability.
  |  By Kondukto
In this episode, Alex Krasnov from Meta shares his thoughts on the supply chain security tools and processes, the impact of government mandates on the evolution of the industry and what lies ahead.
  |  By Kondukto
In this episode, we talk with Rami McCarthy from Figma about best practices in security programs including the roles of developers, and effective triage and remediation processes.
  |  By Kondukto
Kondukto integrates with OpenAI and gets vulnerability remediation advice for all your security testing results on this concept work. OpenAI is an artificial intelligence research laboratory that surprised the world with ChatGPT. It was founded in San Francisco in late 2015 by Sam Altman and Elon Musk, and many others. ChatGPT grabbed 1M people's attention in the first six days, and unbelievable AI & Human conversations screenshots are still getting shared.
  |  By Kondukto
Kondukto allows you to set SLA levels for your vulnerabilities and easily track the ones that are overdue.
  |  By Kondukto
You can easily activate Nuclei on Kondukto and scan your applications in no time.
  |  By Kondukto
On Kondukto you can apply automated workflows on vulnerabilities that are manually imported to Kondukto as well. In this video, you can see how Kondukto automatically creates issues on issue managers and sends notifications as soon as a new file is imported.
  |  By Kondukto
With Kondukto an action taken on a vulnerability discovered in one branch is automatically reflected on the same vulnerability discovered in a different branch.
  |  By Kondukto
With Kondukto's Secure Code Warrior integration you can send training videos to your developers to raise awareness about certain types of vulnerabilities.
  |  By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Avatao with a single click on Kondukto.
  |  By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Codebashing with a single click on Kondukto.

The Kondukto Platform is the ultimate tool for application security teams, allowing them to effortlessly transform vulnerability management, giving back the time, focus, and insight they need to succeed.

Instantly get all security testing tool results in a single view, automate vulnerability remediation workflows and manage risks with key security performance indicators (KPIs).

Effortless efficiency that saves time and money:

  • Gain visibility & insight: Speed up prioritization process with the power of orchestration and automation.
  • Remediate faster: Reduce distraction and low value work to speed up remediation.
  • Boost learning and accountability: Support a culture of continuous improvement with our developer-level vulnerability data.

Accelerate triage and remediation with AppSec orchestration.