DevSecOps

Accelerating AppSec with Mend.io and Sysdig

May 7, 2024 By Eric Carter In Sysdig

Today at RSA Conference 2024, Mend.io and Sysdig unveiled a joint solution targeted at helping developers, DevOps, and security teams accelerate secure software delivery from development to deployment. The integration incorporates the exchange of runtime insights and application ownership context between Sysdig Secure and Mend Container to provide users with superior, end-to-end, and risk-based vulnerability prioritization and remediation across development and production environments.

Read Post

Sysdig

Read more about Accelerating AppSec with Mend.io and Sysdig

A Primer for the Cyber Resilience Act (CRA)

May 7, 2024 By David Melamed In Jit

The Cyber Resilience Act (CRA) is a new cybersecurity regulation that aims to ensure the security of “products with digital elements” (PDEs) sold in the EU market.

Read Post

Jit

Read more about A Primer for the Cyber Resilience Act (CRA)

How Vana Improved Product Security Without In-House Expertise

May 6, 2024 By Jit In Jit

Learn how Vana was able to improve their product security without having to hire any in-house expertise on code and cloud security.

View Video

Jit

Read more about How Vana Improved Product Security Without In-House Expertise

Understanding OWASP ASVS Security Coverage

May 5, 2024 By David Melamed In Jit

Web applications serve as the backbone of business operations, and the rise in cyber threats has put a spotlight on vulnerabilities that can compromise the integrity and confidentiality of web applications. But where to start? Security frameworks can help security and development teams understand the top risks and how to harden their applications against them, while guiding technical professionals on how to protect their applications against attacks.

Read Post

Jit

Read more about Understanding OWASP ASVS Security Coverage

When and How to Use Trivy to Scan Containers for Vulnerabilities

Apr 29, 2024 By Liron Biam In Jit

Containers are integral to modern application development portability, resource efficiency, and ease of deployment. But there is a flip side to these benefits. Unlike traditional applications, containers bundle everything needed to run, making them a scattered setup for hidden security issues. 54% of container images in Docker Hub were found to contain sensitive information that could lead to unauthorized access, data breaches, or identity theft.

Read Post

Jit

Read more about When and How to Use Trivy to Scan Containers for Vulnerabilities

When and How to Create a Software Bills of Materials (SBOM)

Apr 26, 2024 By Charlie Klein In Jit

A Software Bill of Materials (SBOM) inventories all of the open source components and other third-party libraries within a codebase. Much like IKEA instructions explain which parts are included in the package for your new furniture, an SBOM describes all of the third party components in your codebase. Most SBOMs contain the following information about the make-up of an application: Security vulnerabilities: a key use case for SBOM is understanding the security risks of third party components.

Read Post

Jit

Read more about When and How to Create a Software Bills of Materials (SBOM)

A C-Suite View of Cloud DevSecOps Today and Tomorrow

Apr 26, 2024 By Panoptica In Panoptica

Hear about trends of innovative security leaders and how developers and security practitioners can best collaborate together through aligned incentives and strong communication. Outshift is Cisco’s incubation engine, innovating what's next and new for Cisco products and sharing our expertise on emerging technologies. Discover the latest on cloud native applications, cloud application security, generative AI, quantum networking and security, future-forward tech research, our latest open-source projects and more.

View Video

Panoptica

Read more about A C-Suite View of Cloud DevSecOps Today and Tomorrow

5 Best Open Source Application Security Security Tools in 2024

Apr 25, 2024 By David Melamed In Jit

As cybersecurity becomes increasingly important in software development, the “shift left” security approach is widely recognized as a best practice for ensuring superior application security. Numerous traditional security firms are introducing shift-left products and capabilities, and the concept is gaining traction. However, some open source application security tools are more developer-friendly than others.

Read Post

Jit

Read more about 5 Best Open Source Application Security Security Tools in 2024

Vulnerability Assessments vs. Penetration Testing: Key Differences

Apr 24, 2024 By Moshiko Lev In Jit

In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixing vulnerabilities. This dichotomy poses a significant challenge, especially with the ever-increasing security loopholes. CISA recommends addressing critical issues in less than 15 days, but it may be wishful thinking. IT teams are inundated with an ever-increasing volume of security alerts, making it challenging to prioritize and address each one effectively.

Read Post

Jit

Read more about Vulnerability Assessments vs. Penetration Testing: Key Differences

Secure-by-Design Software in DevSecOps

Apr 24, 2024 By Guest Expert In GitGuardian

In this new series, CJ May shares his expertise in implementing secure-by-design software processes. The second part of his DevSecOps program is all about implementing secure-by-design software pipelines.

Read Post