%term

Are You CODEfident?

Oct 3, 2022 By Arabella Hallawell In Mend

We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s when we realized: modern application security programs are different. They run on CODEfidence. Let me explain.

Read Post

Mend

Read more about Are You CODEfident?

#DevOpsSpeakeasy at #swampUP San Diego 2022 with Eyal Ben Moshe

Oct 3, 2022 By JFrog In JFrog

In this interview, we speak to Eyal Ben Moshe, Head of the Ecosystem Engineering Group at JFrog, about the importance of shifting left and providing tools for developers to keep their software secure. He specifically discusses the release of Frogbit and Docker Desktop Extension and teases the BuildInfo resource, the metadata associated with a build in Artifactory.

View Video

JFrog

DevOps

Read more about #DevOpsSpeakeasy at #swampUP San Diego 2022 with Eyal Ben Moshe

Scaling Developer Security in Financial Organisations: Best Practices from ClearBank

Oct 3, 2022 By Snyk In Snyk

Join us for a virtual Q&A with Seb Coles, Engineering Manager at ClearBank, and Simon Maple, Field CTO at Snyk.

View Video

Snyk

Read more about Scaling Developer Security in Financial Organisations: Best Practices from ClearBank

Kubernetes Access support for Teleport Connect

Oct 3, 2022 By Ben Arent In Teleport

Teleport 10.3 was released on September 30, 2022 along with a lot of new features, bug fixes and improvements. This blog post will focus on one new feature that deserves a deeper dive.

Read Post

Teleport

Read more about Kubernetes Access support for Teleport Connect

Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm

Oct 2, 2022 By Maciej Mensfeld In Mend

Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign. On October 02, 2022 at 12:12 UTC, a new npm account was registered, and a package called nuiversalify was immediately uploaded. The same threat actor then proceeded to publish more typo/spellcheck squattings of popular packages until 14:03:29 UTC, with small but irregular time gaps between uploads.

Read Post

Mend

Read more about Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm

This Week in VulnDB

Sep 30, 2022 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB

CI/CD Security: How to Keep your CI/CD Pipelines Secure

Sep 28, 2022 By Jonathan Kaftzan In ARMO

The tech sector is expanding aggressively. And for businesses and services, keeping up with this growth implies only one thing: integrate new technologies and innovate at pace or be left out.

Read Post

ARMO

Read more about CI/CD Security: How to Keep your CI/CD Pipelines Secure

Snyk IaC for Terraform Enterprise: Expanding Snyk compatibility with HashiCorp Terraform

Sep 28, 2022 By Sarah Conway In Snyk

Even the most precise and regimented DevOps teams can be plagued by numerous post-deployment security issues, causing potentially damaging production delays and engineering rework. Building on Snyk’s successful acceleration of DevSecOps, Snyk IaC empowers developers to treat Terraform like any other form of code and proactively test IaC early as well as continuously monitor infrastructure post-deployment.

Read Post

Snyk

Read more about Snyk IaC for Terraform Enterprise: Expanding Snyk compatibility with HashiCorp Terraform

Introduction to OWASP's Vulnerable Node.js Apps: Part 1 | Snyk

Sep 28, 2022 By Snyk In Snyk

Introduction to OWASP's Vulnerable Node.js Apps During this livestream we give an introduction to a vulnerable Node.js application created by the OWASP organization. We also show how some of the OWASP Top 10 security risks apply to web applications, and also how to mitigate these concerns. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

View Video

Snyk

Read more about Introduction to OWASP's Vulnerable Node.js Apps: Part 1 | Snyk

Stranger Danger: Your Java Attack Surface Just Got Bigger

Sep 28, 2022 By Snyk In Snyk

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your Java Attack Surface Just Got Bigger

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Are You CODEfident?

#DevOpsSpeakeasy at #swampUP San Diego 2022 with Eyal Ben Moshe

Scaling Developer Security in Financial Organisations: Best Practices from ClearBank

Kubernetes Access support for Teleport Connect

Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm

This Week in VulnDB

CI/CD Security: How to Keep your CI/CD Pipelines Secure

Snyk IaC for Terraform Enterprise: Expanding Snyk compatibility with HashiCorp Terraform

Introduction to OWASP's Vulnerable Node.js Apps: Part 1 | Snyk

Stranger Danger: Your Java Attack Surface Just Got Bigger

Monthly Archive

Follow Us