CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Scrub EXIF Image Data in Your DevOps Pipeline

In this post, we’ll go over why you need to scrub EXIF image data and how to integrate this process into your DevOps pipeline...

Security in Your DevOps Pipeline

...

Application Security 101

Security issues often arise as a result of applications being rushed for deployment without adequate checks and protections. What are the top security risks to applications and what can organizations do to secure their DevOps pipeline?...

CloudBees Jenkins Alauda DevOps Pipeline plugin authorization issue vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...

PT-2019-14728 · Jenkins · Jenkins Alauda Devops Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

Capital One: Building Security Into DevOps

Capital One prides itself on staying at the forefront of IT innovations to give its business a competitive edge. For example, it adopted Agile software-development methodologies years ago, and uses artificial intelligence and machine learning. It was the first bank to implement a mobile wallet wi...

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...

DevSecOps: Practical Steps to Seamlessly Integrate Security into DevOps

To properly and effectively protect DevOps pipelines, organizations can’t blindly apply conventional security processes they’ve used for traditional network perimeters. Since DevOps’ value is the speed and frequency with which code is created, updated and deployed, security must be re-thought so...

Continuous Security & Compliance Demo Series

This series shows you how to effectively navigate security risks, new regulations and new technologies in support of a secure and compliant digital transformation. Qualys product managers walk you through the new features of Qualys Cloud Platform and Apps and show you how to get maximum leverage...

QSC17: Qualys Battles the Silos, Helps Protect Digital Transformation Efforts

Digital transformation initiatives, if properly implemented, must go way beyond deploying the latest shiny IT systems. Instead, they must aim to fundamentally disrupt and reinvent business processes throughout the entire organization. That was the message Qualys Chief Product Officer Sumedh Thaka...