10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
(Brought to you by Uptycs. Underwriters of Threatpost podcasts do not assert any editorial control over content.)
Applications are cybercriminals’ favorite ways to crack open targeted organizations.
Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving.
Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts.
They dropped by the Threatpost podcast recently to share tips on DevSecOps, including:
…as well as how to deal with the boatload of animosity between development and security teams. One tip: Assume positive intent!
Heads-up: Along with Aron Eidleman, Partner Solutions Architect at AWS, Alex and Johnathan will be participating in a joint webinar on Feb. 23 to discuss the importance of layering security practices into your DevOps workflows.
You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.
Join Threatpost on Wed. Feb 23 at 2 PM ET for a LIVE roundtable discussion “The Secret to Keeping Secrets,” sponsored by Keeper Security, focused on how to locate and lock down your organization’s most sensitive data. Zane Bond with Keeper Security will join Threatpost’s Becky Bracken to offer concrete steps to protect your organization’s critical information in the cloud, in transit and in storage. REGISTER NOW and please Tweet us your questions ahead of time @Threatpost so they can be included in the discussion.
traffic.libsyn.com/digitalunderground/021422_GitLab_HackerOne_Mixdown_1.mp3
threatpost.com/apps-built-better-devsecops-security-silver-bullet/167793/
threatpost.com/category/podcasts/
threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar
threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar
www.hackerone.com/events/mitigate-risk-cloud-ethical-hackers-and-devops?utm_source=gitlab&utm_medium=partner&utm_campaign=social-mitigate-risk-cloud-with-hackers-devops
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C