php[tek] 2023 - A Community Of Communities Powering The Internet
The PHP community came together in Chicago for php 2023, sharing best practices and the latest updates from the language and frameworks that run over 77% of the internet.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Git
CVE-2023-2825 Vulnerability In GitLab Version 16.0.0 - Steps To Take
CVE-2023-2825 vulnerability is a recently discovered vulnerability in GitLab. It allows unauthorized access to GitLab repositories to read arbitrary files. This post will discuss further details of the vulnerability, its location, discovery, and how the Astra scanner scans for it.
How to Secure Your SCM Repositories with GitGuardian Honeytokens
Protect your code and secure your repositories with honeytokens. Learn how to create and add these digital traps to your SCM repositories and how GitGuardian helps you stay alert to potential threats. Read on for best practices and tips to make the most out of honeytokens.
Webinar - Solving the Secrets Management Puzzle
Secrets sprawl is showing no signs of a slowdown. Last month, we revealed 1 in 10 code authors exposed a secret on GitHub in 2022, collectively leaking 10 million secrets (you read that right, T-E-N) on the platform. This time, we're stepping beyond the data. We went on a (virtual) field trip and asked 500+ CISOs and engineering leaders how they currently deal with hardcoded secrets, how they intend to solve their organization's secrets management puzzle, their top priorities and investment areas in AppSec and Dev tooling, and many other questions!
Are Your Company Secrets Safe on GitHub? Here's Why You Need to Request a Complimentary Audit
With a large number of developers, it’s highly likely that your company’s secrets are publicly exposed without your knowledge. Request your audit today and take control of your GitHub security perimeter.
CISO advice - building a comprehensive secrets management program
Jason Haddix is the CISO of BuddoBot and former CISO/Head of Security at UbiSoft. In this clip Jason explores why a comprehensive secrets management program is absolutely vital for a organizations. He walks us through his 4 step secrtes management plan he has rolled out to Detect, Prevent, Respond and Educate. Today Jason puts together his cyber leadership skills with his penetration testing background as the CISO of BuddoBot, a world class red team as a service organization that is designed to emulate and prepare your organization for real world attacks.
Lessons from Lapsus - CISO on Building a comprehensive secrets management program
Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.
Platform Engineering and Security: A Very Short Introduction
Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.
How docker images are made
In this short we look at the three components that make up docker, the docker file, docker image and docker container.
cdCon + GitOpsCon - Co-evolving Open Source DevOps Communities In One Conference
The CD Foundation and OpenGitOps communities joined forces in Vancouver to create cdCon + GitOpsCon for a conference about the future of DevOps tools and best practices.