Cloud Misconfig Mistakes Show Need For DevSecOps
Developers have become accustomed to deploying apps in data centers with what could be described as a “crunchy hard outer layer,” to keep their data center secure. But when it comes to the public cloud, “it just doesn’t exist that way,” said Ryan Olson, vice president of threat intelligence with...
RiskAssessmentFramework - Static Application Security Testing
The OWASP Risk Assessment Framework consists of static application security testing and risk assessment tools. Even though there are many SAST tools available for testers, the compatibility and the environment setup process is complex. By using OWASP Risk Assessment Framework's Static...
2020 Cybersecurity Trends to Watch
The wheels of 2020’s biggest cybersecurity threats have already been set in motion. Mobile, the cloud and artificial intelligence, to name a few, are trends that will continue to be exploited by criminals. Couple that with the rapid growth of software development and a cybersecurity skills shortage...
Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract: Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the softwar...
4 DevOps Strategies to Boost Your Security
DevSecOps is more than a corporate buzzword. As a combined term, DevSecOps bears out the interdependence of responsibilities that lead to security transformation from a fixed set of inflexible tools into security as a process.
Shift to Microservices: Evolve Your Security Practices & Container Security
Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost.
This Week in Security News: How a Partnership can Advance DevSecOps and Cybersecurity Issues in the Midwest and South U.S.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro’s partnership with Snyk will advance DevSecOps. Also, read about cyber attacks affecting hospitals in Alabama an...
ThreatList: Human Error is Behind One Quarter of Data Breaches
One quarter of all data breaches last year were caused by human error. The average cost of all breaches in the same time period was $3.92 million, a 1.5 percent increase from the year before. That’s according to the 14th annual Cost of a Data Breach report from the Ponemon Institu...
Video Training Update, July 2019
The Qualys Training team released a major update to the Vulnerability Management Certified Training Course. We’ve also built out two new video libraries showing how to assess business process risk and how to secure cloud infrastructures in DevSecOps environments using AWS Golden AMI pipelines. An...
Countdown to Black Hat: Top 10 Sessions to Attend — #1
Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event. The training sessions provide both offensive and defensive skills that security pros can use to tackle critical...
Using Threat Modeling in Cybersecurity to Hunt and Remediate
Modern-day cyberattacks keep growing in sophistication and sheer volume. This dynamic makes it virtually impossible to detect and block all attacks using the traditional methods of comparing incoming requests to known attack signatures. To effectively operate in this new aggressive cyberthreat...
Visit Wallarm at Google Cloud Next
April 9–11, San Francisco, CA We are excited to join the community of the GCP professionals and demonstrate Wallarm web and API protection solutions custom-built for Google Cloud-powered applications. A certified GCP-partner, Wallarm delivers AI-powered security solution built to help your busine...
Why DevOps is Becoming More Like DevSecOps
Editor's Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In the year 2000, a Time magazine essay authored by Steward...
What to Expect at RSA 2019
Attending RSAC 2019? The week promises to be full of exciting content, useful connections, networking and insights into new security trends. BSides San Francisco The week will start on March 3rd with the amazing BSides event. The BSides community has continuously raised the bar and put the INFO...
Assess Vulnerabilities, Misconfigurations in AWS Golden AMI Pipelines
Today we’re starting a blog series focused on how to integrate Qualys solutions into DevSecOps for securing cloud infrastructures. In this initial post, we’ll discuss the importance of assessing vulnerabilities and misconfigurations on AWS pipelines. When developing golden Amazon Machine Images...
stoQ - An Open Source Framework For Enterprise Level Automated Analysis
stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...
My Takeaways from the Gartner I&O Conference
By Renata Budko, Wallarm Last week I spent a few days in Las Vegas with the great folks at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference. Gathered for the conference there were experts around the world from analysts to VPs to infrastructure and operations leaders to...
DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing capabilities that automate...