1320 matches found
Automate Compliance in the Well-Architected Framework
Explore how Edrans, a DevOps, IT, and software consultancy, is using Trend Micro Cloud One™ – Conformity to adhere to the Well-Architected Framework and boost customers’ security, performance, and compliance...
Application Security 101
Security issues often arise as a result of applications being rushed for deployment without adequate checks and protections. What are the top security risks to applications and what can organizations do to secure their DevOps pipeline?...
Dynamic Swagger Support Comes to Imperva
It’s no secret that the shift to DevOps deployments has taken center stage at organizations small and large. The ability to quickly configure, manage and update via APIs is critical to a company’s ability to push out small iterative changes, without human intervention. And Swagger has become the...
Microsoft Azure DevOps Server Cross-Site Scripting Vulnerability (CNVD-2020-45312)
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. A cross-site scripting vulnerability exists in Microsoft Azure DevOps Server versions...
Fixing cloud migration: What goes wrong and why?
The cloud space has been evolving for almost a decade. As a company we’re a major cloud user ourselves. That means we’ve built up a huge amount of in-house expertise over the years around cloud migration — including common challenges and perspectives on how organizations can best approach project...
CVE-2020-1326
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
CVE-2020-1326
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
Cross site scripting
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
CVE-2020-1326
CVE-2020-1326 is an XSS flaw in Azure DevOps Server caused by improper sanitization of user-supplied input. Reports in multiple sources (MSRC advisory) describe an authenticated attacker able to trigger cross-site scripting in the context of the affected user. The vulnerability affects Azure DevO...
CVE-2020-1326
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
Azure DevOps Server Cross-site Scripting Vulnerability
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Azure DevOps Server, which will get executed in the context of the user...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (July 2020)
The Microsoft Team Foundation Server or Azure DevOps Server is missing security updates. It is, therefore, affected by a cross-site scripting XSS vulnerability due to not properly sanitizing user-provided input. An authenticated, remote attacker can exploit this by sending a specially-crafted...
KLA11859 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Windows Diagnostics Hub...
Add Ergonomic Security to Your CI/CD Pipeline
Wikipedia defines ergonomics as “the application of psychological and physiological principles to the engineering and design of products, processes, and systems. The goal … is to reduce human error, increase productivity, and enhance safety and comfort with a specific focus on the interaction...
Risk Decisions in an Imperfect World
Risk decisions are the foundation of information security. Sadly, they are also one of the most often misunderstood parts of information security. This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy. To properly evaluate the risk...
How to Secure DevOps in Microsoft Azure
Want to establish best practices within Microsoft Azure? Learn how to integrate a Secure DevOps Kit for Azure AzSK at the subscription level, as well as in your development process during coding, CI/CD pipeline, and future alerting and reporting...
The Evolution of DevSecOps
The DevOps methodology offers organizations of all sizes from across all industries a framework for delivering value and responsiveness. Instead of traditional distinct development and operations teams, DevOps embraces multidisciplinary teams that use efficient practices that support continuous...
The Fear of Vendor Lock-in Leads to Cloud Failures
Vendor lock-in has been an often-quoted risk since the mid-1990’s. Fear that by investing too much with one vendor, an organization reduces their options in the future. Was this a valid concern? Is it still today? The Risk Organizations walk a fine line with their technology vendors. Ideally, you...
DNS as Code
Infrastructure as Code IaC and Continuous Delivery methods have become increasingly popular amongst development and operations teams as a means of maintaining high-performing websites. Code repositories, build servers, and configuration management systems are now industry standards, as these tool...
Barracuda and Microsoft: Securing applications in public cloud
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Barracuda Cloud Application Protection CAP platform features integrations with Microsoft Azure Active Directory Azure AD and Azure Security Center. A component of CAP,...