Deep Dive: Protecting Against Container Threats in the Cloud

Containers are self-contained pods representing complete, portable application environments. They contain everything an application needs to run, including binaries, libraries, configuration files and dependencies Docker and Amazon Elastic, for instance, are two of the more well-known offerings...

New AWS Competency Category - Why It's Important

AWS DevOps competency recently added a new category, DevSecOps to its arsenal. Explore our overview of the category and why it matters to security and development teams building in the cloud...

Cryptomining Overview for DevOps

Learn the impacts of cryptomining attacks for DevOps as well as mitigation strategies to bolster security without impacting time to market delivery...

Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1

To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle SDLC...

A clearer lens on Zero Trust security strategy: Part 1

Todays world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the...

Cybersecurity Basics: Authentication and Authorization

With most security incidents caused by exposed secrets in DevOps pipelines and tools, proper authentication and authorization is essential. Explore the basics of strong identity management to build more resilient apps...

Hcltm - Documenting Your Threat Models With HCL

Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...

5 Zero Trust Security Model DevOps Integrations

Learn how the zero trust security model can be integrated into your DevOps lifecycle without implicating the agility or speed of your application build...

IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly around 54,000 members as ...

Microsoft: Lapsus$ Used Employee Account to Steal Source Code

In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...

A Search for API Security in the Operator’s Tool Box

Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and API Security, I felt it may be more useful to think about the subject from the user’...

Akamai and Linode: Giving Developers One Place to Build, Run, and Secure Apps

I am incredibly excited to announce that today we have completed the acquisition of Linode. You may have seen our press release announcing the acquisition, or listened to our earnings call during which our executives discussed why this is the right strategic investment for Akamai. But I wanted to...

CodeAnalysis - Static Code Analysis

Tencent Cloud Code Analysis TCA for short, code-named CodeDog inside the company early is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...

InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production

We've all been there. The software development life cycle SDLC is moving at a mile a minute. Developers are writing code, updating features, and all the while attempting to keep everything introduced into production as safe and secure as possible. GitHub Actions are essential to automation and...

Why IaC Security Should Matter to CISOs

Explore how secure infrastructure-as-code IaC enables security leaders to help DevOps teams quickly deliver more business value...

High-Severity RCE Bug Found in Popular Apache Cassandra Database

Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution RCE. The bug, which involves how Cassandra creates...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +94 more potentially affected by CVE-2022-25173 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.92)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2022-25173 Source advisory: OSV:GHSA-4M7P-55JM-3VW...

Analyzing DevSecOps vs. DevOps

Learn the difference between DevSecOps and DevOps and get tips to smoothly embed security throughout the entire build lifecycle...

Workshop: Building Modern Applications with DevOps Security

In this workshop, you’ll learn how to leverage DevOps Security with your serverless applications running on AWS Lambda or containerized applications running on AWS Fargate. Learn how to make cloud security more efficient, proactive, and gain visibility...

Apache Log4j: Mitigation for DevOps

What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities...