Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Rise of the Secure Developer from Atlassian Team '22: Tomás González - Partner Solution Architect

Jun 7, 2022 By Snyk In Snyk
This talk by Tomas Gonzalez, partner solutions architect at Snyk, talks about the rise of the security-conscious developer - someone who champions the use of new cloud technologies with a security mindset. This doesn’t mean developers are solely responsible for security risk management in isolation; secure developers are aware of risk management processes, are armed with the right technology to enforce them, and apply a shared-responsibility mentality to enable an agile, thriving secure business.
View Video

Enabling Self-Service Recovery in a Multi-Tenant Kubernetes Environment with CloudCasa and Capsule

Jun 6, 2022 By CloudCasa In CloudCasa
At KubeCon Europe 2022, we held a virtual booth office hour session with our new partner Clastix. In this video, Dario Tranchitella, the lead architect for Capsule by Clastix discusses and demonstrates how the combination of Capsule and CloudCasa provides easy self-service backup and recovery in a multi-tenant Kubernetes environment.
View Video

How Malicious NPM Packages Make Your Apps Vulnerable

Jun 6, 2022 By Snyk In Snyk
Zbyszek Tenerowicz (a.k.a. ZB) teaches us how we can be susceptible to malicious packages as developers. We also see demos on the possibilities of what a malicious package can do such as modify code, package.json publish scripts and more. You're sure to learn something new in this session and level up your Developer security skills. This was a recorded livestream titled "My NPM Package Will Eat Your Lunch".
View Video
mend

Introducing Mend Supply Chain Defender Integration with JFrog Artifactory

Jun 3, 2022 By Jack Marsal In Mend

When it comes to understanding the difference between open source software vulnerabilities and malicious threats, it’s helpful to think in terms of passive vs. active threats. Vulnerabilities can be attacked and exploited, but in a vacuum don’t pose a threat. Malicious threats are different —– they involve a threat actor actively planning to attack you.

Read Post
teleport

Amazon RDS Just-in-Time (JIT) Access With Teleport and Slack

Jun 3, 2022 By Janakiram MSV In Teleport

This blog is part three in a series about secure access to Amazon RDS. In Part 1, we covered how to use OSS Teleport as an identity-aware access proxy to access Amazon RDS instances running in private subnets. Part 2 explained implementing single sign-on (SSO) for Amazon RDS access using Okta and Teleport. In Part 3, we will guide you through the steps to configure privilege escalation for just-in-time access requests for Amazon RDS access.

Read Post

Software Supply Chain Security for Open Source Projects

Jun 2, 2022 By JFrog In JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
View Video
veracode

Developing Secure Software With Confidence

Jun 2, 2022 By Colleen Reidy In Veracode

Software development and security often have separate challenges and concerns. Developers are worried about pushing software to production in a timely manner. Security teams worry about the security of the code being pushed. Veracode offers a solution that meets the needs of both sides. On Peerspot, where Veracode is ranked number one in application security, users discuss how Veracode enables them to build an advanced application security program.

Read Post

Software Supply Chain Security for Open Source Projects - it's time to prepare!

Jun 2, 2022 By JFrog In JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.