Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Spectral

The Developer's Guide to IaC Scanning

Jul 27, 2022 By Eyal Katz In Spectral

IaC (infrastructure as code) is the latest tool to transform the face of IT infrastructure – in a nutshell, it means managing and provisioning infrastructure through code instead of manual processes. IaC provides developers with a blueprint that allows them to create tools and provision infrastructure on-demand while staying in control, increasing efficiency, and maintaining consistency when deploying updates and changes.

Read Post

[Webinar] Detecting intrusion in DevOps environments with AWS canary tokens

Jul 27, 2022 By GitGuardian In GitGuardian
Last year, hardcoded secrets made it 2nd to the OWASP Top 10 Web Application Security Risks. This year, the vulnerability gained a spot and now ranks 15th on the MITRE CWE Top 25 Most Dangerous Software Weaknesses. Needless to say, no organization wants to have its secrets exposed during software development. But what if I told you security teams could use hardcoded secrets to their advantage? Join me on Wednesday, July 27th, for a live discussion with Eric Fourrier, CTO at GitGuardian, on how to detect compromised developer and DevOps environments with canary tokens.
View Video
mend

How attackers leverage example apps/reproduction scripts to attack OSS maintainers

Jul 26, 2022 By Maciej Mensfeld In Mend

A possible method of attacking your code base is a bit of social engineering that involves using open source to report potential bugs in software that provides reproduction applications. These applications can include malicious code that can compromise your software and applications. In the blog post, we’ll briefly look at why and how they operate, and how to mitigate this practice.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.