1393 matches found
Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0) potentially affected by CVE-2019-10390 via com.splunk.splunkins:splunk-devops (>=1.0 <=1.7.0)
com.splunk.splunkins:splunk-devops MAVEN version =1.0, =1.0, =1.7.0 Source cves: CVE-2019-10390 Source advisory: OSV:GHSA-CJR8-5RW4-WH65...
How to Develop Machine Learning Skills for Every Employee in Your Company
Everyone loves Artificial Intelligence (AI) and Data Science (DS), and it’s probably not going to change for the next decade or so. Even so, most people only have a general idea of what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...
This Week in Spring - May 24th, 2022
Hi, Spring fans! I'm in Spain for business and not just a little pleasure. Yesterday, my partner, her mother, and I went to Formentera, Spain, a little island off of Ibiza, Spain. It was amazing. We're now in Ibiza, Spain, which is a little island not far from Barcelona, Spain, on the mainland of...
Yes, Containers Are Terrific, But Watch the Security Risks
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don't mitigate these risks are vulnerable to attack. In this article, we outline how containers contribute...
Meet Mike Schiessl: Senior Technical Marketing Engineer
Meet Mike Schiessl to learn more about his career path, how companies can support a DevOps to DevSecOps transition, and the future of security and business...
Deep Dive: Protecting Against Container Threats in the Cloud
Containers are self-contained pods representing complete, portable application environments. They contain everything an application needs to run, including binaries, libraries, configuration files and dependencies. Docker and Amazon Elastic, for instance, are two of the more well-known offerings...
New AWS Competency Category - Why It's Important
AWS DevOps competency recently added a new category, DevSecOps, to its arsenal. Explore our overview of the category and why it matters to security and development teams building in the cloud...
Cryptomining Overview for DevOps
Learn the impacts of cryptomining attacks for DevOps as well as mitigation strategies to bolster security without impacting time to market delivery...
Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1
To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle (SDLC)...
A clearer lens on Zero Trust security strategy: Part 1
Today's world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the...
Cybersecurity Basics: Authentication and Authorization
With most security incidents caused by exposed secrets in DevOps pipelines and tools, proper authentication and authorization is essential. Explore the basics of strong identity management to build more resilient apps...
Hcltm - Documenting Your Threat Models With HCL
Threat Modeling with HCL: Overview. There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth Word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...
5 Zero Trust Security Model DevOps Integrations
Learn how the zero trust security model can be integrated into your DevOps lifecycle without implicating the agility or speed of your application build...
IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data
The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly around 54,000 members as ...
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...
A Search for API Security in the Operator’s Tool Box
Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and API Security, I felt it may be more useful to think about the subject from the user’...
Akamai and Linode: Giving Developers One Place to Build, Run, and Secure Apps
I am incredibly excited to announce that today we have completed the acquisition of Linode. You may have seen our press release announcing the acquisition, or listened to our earnings call during which our executives discussed why this is the right strategic investment for Akamai. But I wanted to...
CodeAnalysis - Static Code Analysis
Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consists of three components: server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...
InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production
We've all been there. The software development life cycle (SDLC) is moving at a mile a minute. Developers are writing code, updating features, and all the while attempting to keep everything introduced into production as safe and secure as possible. GitHub Actions are essential to automation and...