QSC18 Virtual Edition: Securing Containers – From Build to Deployments
DevOps teams have embraced Docker container technology because it boosts speed, agility, and flexibility in app development and delivery. But it also creates security and compliance challenges. “Containers are revolutionizing the IT landscape,” Hari Srinivasan, a Qualys Director of Product...
Dependency-Track - An Intelligent Software Composition Analysis (SCA) Platform That Allows Organizations To Identify And Reduce Risk From The Use Of Third-Party And Open Source Components
Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost. Organizations that build on top o...
QSC18 Virtual Edition: Securing Hybrid IT Environments from Endpoints to Clouds
As organizations embrace digital transformation to boost business processes, traditional IT environments get altered, becoming distributed, elastic and hybrid. “That’s creating a new challenge for security,” Chris Carlson, Qualys’ Product Management VP, said during QSC18 Virtual Edition. As...
22K Open, Vulnerable Containers Found Exposed on the Net
More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers Kubernetes, Mesos, Docker Swarms and more suff...
QSC18 Virtual Edition – Building Security In: The Qualys Cloud Platform and Architecture
Digital transformation, driven primarily by the DevOps movement, represents a new opportunity “to redo IT from scratch, but more importantly, to redo security from scratch,” Sumedh Thakar, Qualys' Chief Product Officer, said during QSC18 Virtual Edition. Specifically, organizations can organicall...
This Week in Security News: Cyber Leads and Email Frauds
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, The Trump Administration added a cyber lead at Homeland Security and the Energy Department. Also, the FBI announced the arrest of 74 “email...
Extending Trend Micro’s Container Protection with Deep Security Smart Check
DevOps is not a single person or business unit, it is a development philosophy that exists within many organizations. DevOps teams build new applications for business growth, and extend critical monolithic applications into modern architectures. A key tenet of this philosophy uses microservices t...
wipro-jira-devops.bos.infocrossing.com XSS vulnerability
Open Bug Bounty ID: OBB-630883. Affected Website: wipro-jira-devops.bos.infocrossing.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3...
Archerysec - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities
Archery is an open source vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning for web applications and networks. It also performs web application dynami...
DevSecOps: Practical Steps to Seamlessly Integrate Security into DevOps
To properly and effectively protect DevOps pipelines, organizations can’t blindly apply conventional security processes they’ve used for traditional network perimeters. Since DevOps’ value is the speed and frequency with which code is created, updated and deployed, security must be re-thought so...
Bejtlich Joining Splunk
Since posting Bejtlich Moves On I've been rebalancing work, family, and personal life. I invested in my martial arts interests, helped more with home duties, and consulted through TaoSecurity. Today I'm pleased to announce that, effective Monday May 21st 2018, I'm joining the Splunk team. I will ...
Gaining Control over Your Digital Certificates
Digital certificate management is in an inadequate state at most organizations, a serious problem, considering that SSL/TLS certificates are critical for a host of e-business functions. “If you’re doing something on the Internet, you’re using SSL,” Asif Karel, a Qualys Director of Product...
Akamai 2018 Spring Release, In A Nutshell
Progressing Towards Our Future in The Cloud, Together: As organizations continue to fuel and execute on their digital transformation ambitions, they're increasingly finding significant business agility and cost savings by adopting cloud, multi-cloud, or hybrid architectures. Availability, security...
DevOps-Ready WAF: Scaling Security for a More Agile Environment
With the maturation of DevOps, the growing concern around the security and compliance of more agile application development systems has made 2018 the year for DevSecOps. According to a study by Gartner, over 80% of development teams will have embedded DevSecOps by 2021. When evaluating how a WAF...
Continuous Web Security Assessment for Production and DevOps Environments
Web applications have become essential for business, as they simplify and automate key functions and processes for employees, customers and partners, making organizations more agile, innovative and efficient. Unfortunately, many web applications are also unsafe due to latent vulnerabilities and...
Securing your Cloud and Container DevOps Pipeline
Organizations are aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure, upping the ante for InfoSec teams, which must protect these new environments. Driving this growth in cloud computing adoption is its essential role in digital...
Web Application Firewalls: The Definitive Primer
Firewalls have traditionally been focused on network layer traffic. As attacks have evolved, however, they have climbed the ladder of the Open Systems Interconnection (OSI) model. Web Application Firewalls (WAFs) have developed as a result, not only to track network traffic but also to understand...
Open Source Vulnerability Assessment and Management: Archery
Archery is an open source vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning for web applications and networks. It also performs web application dynamic...
Weather Forecast for April — It’s Raining Security Pros
As you are planning out your spring calendar, make sure an April visit to San Francisco is on it. Anchored by RSA Conference 2018, San Francisco will become a center of US security life for a week. The week will start with some training events and, of course, BSides San Francisco. BSides is a...
Intelligent Software Composition Analysis Platform: Dependency-Track
Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost. Organizations that build on top o...