When it comes to maturing an AppSec program, there are several best practices that can help you get started. In part two of our AppSec podcast series, Tim Jarrett, Director of Product Management at Veracode, and Kyle Pippin, Director of Product Management at ThreadFix, share the top 3 things they’ve learned from organizations that have successfully matured and scaled their AppSec programs.

Scalper bots are designed to automatically purchase online goods. Generally, they do this by adding a product to a cart and completing the checkout process far faster than any human could hope to do so. They exploit vulnerabilities in websites to purchase goods before they are even listed as available to the usual human users of a website. Those using scalper bots have a huge advantage over non-bot users when it comes to purchasing limited-quantity items.

The efficacy of remote work has been debated for decades. Now, as companies begin pursuing a post-Covid-19 reality, the debate is finally settled. According to some of the most prominent companies in Silicon Valley, including Google, Facebook, Twitter and Apple, the answer is a hybrid model. Rather than being dogmatic and dichotomous about workplace arrangements, these companies find value in a hybrid model that includes a flexible mix of on-site and remote teams.

The goal of every cybersecurity strategy is to stop cyberthreats before they have a material impact. This has resulted in many organizations seeking to be more proactive in their response to potential threats by employing solutions to detect and prevent specific types of cyberattacks by monitoring for the earliest indicators of attacks found within network traffic.

When it comes to productivity, agility, and efficiency - continuous integration/continuous delivery (CI/CD) pipelines are great. When it comes to ensuring cybersecurity, they leave a lot to be desired. In fact, and especially given the popularity of CI/CD pipelines now, securing continuous environments might turn into the most important security challenge of the next decade.

Believed active since 2004, if not much earlier, Turla is a high sophistication Russian-nexus threat group with espionage and intelligence gathering motivations targeting organizations worldwide. We have wrote about them in the past here. Known by many security vendor assigned names over the years including Turla Team, Uroburos and Venomous Bear, this bulletin provides an overview of Turla-attributed threats as observed over the past six months.

PCI is an information security standard for organisations that handle credit card transactions. It includes any entity that processes, stores or transmits credit card information. This standard is mandated by major credit card companies – Visa, Mastercard, and American Express – and administered by Payment Card Industry Security Standards Council (PCI SSC).

In order to develop stable and secure applications, you need to inspect and verify that your software performs as expected. The most common approaches to testing software are white box testing, black box testing, and gray box testing. While white box testing and black box testing have their pros and cons, gray box testing combines the two testing approaches in an attempt to overcome their deficits.

In the times when data breaches and cybersecurity incidents have become everyday news, the world requires entities which can enhance thought leadership in the field of cybersecurity. And thankfully, there are some bodies which are exactly working to strengthen the privacy and security culture in the cybersecurity landscape.

We’re really excited to announce that Open Policy Agent (OPA) is now a graduated project in the Cloud Native Computing Foundation (CNCF)! OPA joins projects like Kubernetes, Envoy, Prometheus, Fluentd (and ten others) that the CNCF recognizes for achieving broad adoption by the cloud-native community and maturity in its development processes. As the creators of OPA, we couldn’t be prouder!