In view of the more frequent and more sophisticated attacks on the software supply chain, securing the software development lifecycle has become more important than ever. But that’s easier said than done. Manual security scans require far too man…
The post Agile, Reliable, Secure, Compliant IT – Fulfilling the Promise of DevSecOps appeared first on PeoplActive.
The post Agile, Reliable, Secure, Compliant IT – Fulfilling the Promise of DevSecOps appeared first on Security Boulevard.
A survey of more than 2,000 IT decision-makers and security operations (SecOps) professionals in the U.S., United Kingdom and Australia found lots of room for improvement when it comes to the way cybersecurity and IT operations teams collaborate. The …
Lacework this week revealed it is adding an agentless approach to securing workloads that can be employed alongside the agent software the company already makes available for the Lacework Polygraph Data Platform. Kate MacLean, senior director of produ…
CodeSec by Contrast brings enterprise-level security right to your development workflow for free. Make code and serverless security simple and efficient with quick scan times, market-leading accuracy, actionable results and seamless integration. …
In this article, we’ll be going over the 1.1 revision of The Secure Software Development Framework that was published earlier this year.
The post Key Highlights From the New NIST SSDF appeared first on Security Boulevard.
Coming June 2, Contrast Security will be unveiling its newest security scanning tool designed for developers by security experts: CodeSec. This blog provides a sneak peek into what the tool is and how Contrast aims to empower developers with ente…
Tanya Janca, founder of the We Hack Purple Academy, Director of Developer Relations and Community at Bright, and author of “Alice & Bob Learn Application Security” joins us to discuss the current state and future of Application Security. In this ep…
The world of cybersecurity is constantly changing. Improve your DevSecOps knowledge with these critical concepts.
The post DevSecOps glossary: Important terms for security professionals appeared first on TechRepublic.
In recent years, resorting to MSPs has become very popular for companies wanting to accelerate the digitization of their businesses. With this surge in popularity, MSPs now face the question: how to ensure we can meet our cybersecurity responsibilities…
Every AppSec leader recognizes and admits that software development is accelerating, and there’s no way their current approach is going to keep up. It is much better to prevent incidents than react to them after they have already happened. In thi…
Security is a dilemma for many leaders. On the one hand, it is largely recognized as an essential feature. On the other hand, it does not drive business. Of course, as we mature, security can become a business enabler. But the roadmap is unclear. With…
Security has long been seen as an afterthought in the DevOps process, and a new report from Secure Code Warrior offers a reason why. While developers say a security-led approach is important within the software development life cycle, 86% of responden…
Anitian achieves Amazon Web Services (AWS) DevOps Competency, validating its technical proficiency and proven customer success specializing in DevSecOps.
The post Anitian Achieves AWS DevOps Competency Status appeared first on Anitian.
More than a year after the SolarWinds Sunburst attack, most companies are still exposed to software supply chain attacks. In a study conducted by Argon Security at Aqua Security, it was found that the majority of companies didn’t implement software…
Wabbi published new research with IDG that finds companies utilizing continuous security have decreased vulnerabilities by 50%. The study focused on the integration of development and security, as well as the benefits of continuous security. Participan…
Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during their digital transformation journeys. As organizations increase adoption, the re…
Cyberthreats and attacks—including insider threats, nation-sponsored entities and evolving cyberattack techniques such as zero-day and targeted malware, electronic espionage and complex data exfiltration—are not going away. They are only escalating. H…
By Arun Balakrishnan, Sr. Director Product Management
Identity credentials and source code are critical assets that can create major risks for your organization when exposed by breaches of third-party cloud service co…
Prisma Cloud was named a Leader in the 2022 Forrester Wave: Cloud Workload Security report, validating market leadership and ability to help customers address cloud security needs.
The post Prisma Cloud — A Leader in Forrester Wave™ for Cloud Workload Security appeared first on Palo Alto Networks Blog.
Recently we’ve been seeing more and more talk about CNAPP. It’s a relatively new term coined by Gartner that stands for cloud-native application protection platform. Gartner has added CNAPP to their hype cycle, especially as they predict that the use …
Prisma Cloud now provides automatic inventory and visualization of cloud native supply chain security to augment existing security controls.
The post Prisma Cloud Supply Chain Security Reduces Code Complexity and Risk appeared first on Palo Alto Networks Blog.
By Chetan Conikee
This article is part of a series showcasing learnings from the Secure Software Summit
The connected world economy and the COVID-19 pandemic forced companies to accelerate digital transformation. …
Most facets of modern life—including our work—are app reliant. We depend on apps for productivity, for communication, to connect businesses with customers. Where we once relied on websites, we now turn to apps, which is why more organizations are deve…
The era of the cloud-native application is well and truly upon us: IDC researchers have predicted that by 2023, more than 500 million apps will be developed using cloud-native approaches! While some applications are still being built on a monolithic (a…
The Ukrainian Defense Ministry is calling up volunteers to join a “cyber force”—to defend against Russian attacks.
The post Hackers Wanted—Ukraine Government Calls up its ‘Cybercommunity’ appeared first on Security Boulevard.
Security has long taken a back seat to speed when it comes to app development. A Synopsys blog explains one reason why: Developers are builders first. “Developers’ primary job is to create features that work—not to worry about what might go wrong.” Co…
If Russia launches cyberattacks on the U.S. or on NATO allies, it risks being hacked back. This warning comes from Deputy Attorney General Lisa O. Monaco.
The post Puttin’ Putin on Notice—We Will Hack Russia Back appeared first on Security Boulevard.
OpenSea, the NFT marketplace, got hacked last week. Or perhaps it didn’t. Charles Ponzi would be proud.
The post $3 Million Hack of NFTs—‘And Nothing of Value was Lost’ appeared first on Security Boulevard.
In my last blog post, we discussed the need for businesses to adopt distributed development and delivery models in order to bring value to their customers. With the advent of distributed organizations, companies have had to adapt to new ways of b…
In this Expert Insight, Harshil Parikh, CEO of Tromzo, reveals findings from the company’s recent State of Modern Application Security Report, a survey of 400 appsec professionals.
The post State of Modern Application Security: 6 Key Takeaways For 2022…
There are a lot of assumptions about adding security to cloud applications, including that there is only one right way to approach the DevSecOps process or that adding security will slow down development in the native cloud. But just because that’s be…
Leak of donor database unveils identities of close to 100,000 people who chipped in to bankroll the Canadian Freedom Convoy.
The post Oh! Canada—Truck Protest Donor PII Hacked appeared first on Security Boulevard.
Zoom users on macOS have noticed the microphone stays on after a meeting has ended.
The post Zoom Hot-Mic Bug: Is China Listening? appeared first on Security Boulevard.
Veracode published research that finds most applications are now scanned around three times a week, compared to just two or three times a year a decade ago. This represents a 20x increase in average scan cadence between 2010 and 2021. Scan frequency …
Knowledge alone isn’t enough to manage vulnerabilities. Developers need to be part of a proactive security process with integrated AppSec tools.
The post How to cybersecurity: Gravity is a harsh mistress appeared first on Software Integrity Blog.
Google started auto-enrolling users in two-factor authentication (2FA) nine months ago. And now it’s releasing the results: Account breaches halved.
The post Google Lauds 2FA Results—So Why do People HATE It? appeared first on Security Boulevard.
One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they’re building as part of the automated development lifecycle, rather than relying on security or…
Code Sight Standard Edition helps developers find and fix security issues as they code, without switching tools or interrupting their workflow.
The post Code Sight Standard Edition: Application security optimized for the needs of developers appeared…