Now Available on GitHub: Akamai CLI Utility v1.0 for Akamai Terraform
With v0.9 of the Akamai CLI for Terraform, application development teams can build on infrastructure as code (IaC) and maintain rapid development without compromising security...
Top 5 Infrastructure as Code Security Challenges
Learn how to counteract the top five challenges of IaC, discover how these obstacles pose a threat to security, and gain valuable insight into how to mitigate these risks...
Application Security in 2022: Where Are We Now?
It’s always a good thing to take a step back every once in a while to take the lay of the land. Like you, we are always working at a breakneck pace to help secure the web applications being built today and ready ourselves to secure the innovations of the future. When Forrester put out The State o...
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Configuration as Code Plugin logs the changes it applies to the Jenkins system log. Secrets such as passwords should be masked i.e. replaced with asterisks in that log to prevent accidental disclosure. Between Configuration as Code Plugin 0.8-alpha and 1.0, log messages contained values if the...
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
GHSA-8486-H39X-CX2F Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
5 Benefits of Detection-as-Code
TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. Ho...
Red Team lab automation
It’s not uncommon for red teamers to regularly tear down and rebuild their test labs; I know I do on a sometimes daily basis. It keeps things fresh and manageable, and now, using Infrastructure as Code (IaC), we can create a consistent environment to test tools and techniques in. If we break...
Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, AWS SAM, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based...
CVE-2022-23106
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...
GHSA-FPJ7-9XM6-8HGR Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin prior to 1.55.1, 1.54.1, 1.53.1, and 1.47.1 does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use statistical methods to obtain a valid authentication token. Configurati...
CVE-2022-23106
CVE-2022-23106 affects Jenkins Configuration as Code Plugin (versions up to 1.55). The issue is a non-constant-time comparison when validating an authentication token, enabling attackers to use statistical methods to deduce a valid token. The available connected documents corroborate the vulnerab...
Jenkins Security Vulnerability
Jenkins Plugin is an open source application for Jenkins. A security vulnerability exists in the Jenkins Configuration as Code Plugin, which stems from the use of a non-constant-time comparison function when validating authentication tokens in Jenkins Configuration as Code Plugin 1.55 and earlier, allowing an...
PT-2022-15848 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.55 and earlier. Description: The issue arises from the use of a non-constant-time comparison function when validating an authentication token, allowing attackers to potentially use statistical...
How to Get Started With Application Security
With a comprehensive security stack, Akamai’s application security solutions defend your entire ecosystem from threats. But before you can reap the benefits that come with application security, you need to create a configuration with Akamai’s APIs. Our Developer Advocacy team is here to walk you...
Shisho - Lightweight Static Analyzer For Several Programming Languages
Shisho is a lightweight static analyzer for developers. Please see the usage documentation for further information. Try at Playground: You can try Shisho at our playground. Try with Docker: You can try Shisho on your machine as follows: echo "func test(v string) int { return len(v) + 1; }" | docker run -i...
Azure network security helps reduce cost and risk according to Forrester TEI study
As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools ...