
DevOps

How to strengthen security in your CI/CD pipeline

DevSecOps refers to the integration of security practices into the DevOps process. With modern development cycles, you can't afford to leave security until the end; it should be baked in at every stage. Continuous integration/continuous delivery (CI/CD) security is a big part of the DevSecOps picture. It's critical that you secure your pipelines and that the automated systems used to implement CI/CD are not themselves vulnerable to attack.

The New Era of AI-Powered Application Security. Part One: AI-Powered Application Security: Evolution or Revolution?

Imagine the following scenario. A developer is alerted by an AI-powered application security testing solution about a severe security vulnerability in the most recent version of the code. Unfazed, the developer opens a dedicated application view that highlights the vulnerable code section alongside an AI-generated fix recommendation, with a clear explanation of the corresponding code changes.

Organizations Need to Establish Trust to Enhance Supply Chain Security

Enhancing the trust and security of the supply chain is on the minds of many a cybersecurity executive today, and will likely be a topic of interest and concern in the months and years to come. It’s not surprising then, that the focal point of a recent RSA Conference virtual seminar was supply chain security. A panel held during the event covered the topic of establishing trust to enhance supply chain security, which is surely one of the more daunting challenges organizations face.

The new era of Application Security: Security Building Blocks for Developers

With the proliferation of data breaches and cyber-attacks, developers must take a proactive approach to security. BoxyHQ's Security Building Blocks for Developers are designed to help developers build and deploy secure applications with minimal effort and expertise. Beyond their core products, security teams are finding it hard to keep pace with the new no-code and low-code apps being created within the company.

How to Automate IIS Hardening with PowerShell

IIS hardening can be a time-consuming and challenging process. PowerShell can help you achieve hardened IIS security settings to some extent, but it still requires hours of testing to ensure that nothing is broken. CSS by CalCom can automate the IIS hardening process with its unique ability to “Learn” your network, eliminating the need for lab testing while ensuring zero outages to your production environment.

What You Need to Know About StackRot - CVE-2023-3269

StackRot, identified as CVE-2023-3269, is a 7.8 HIGH use-after-free vulnerability in Linux kernel versions 6.1 to 6.4 that can lead to privilege escalation. The vulnerability, disclosed by Ruihan Li, who also released detailed information about it, is caused by a change in the VMA (Virtual Memory Address) tree structure from red-black trees to maple trees.

How Does SLSA Help Strengthen Software Supply Chain Security?

A relatively new way of strengthening your software supply chain security is to apply Supply Chain Levels for Software Artifacts (SLSA) in tandem with other tools such as software bills of materials (SBOMs), software composition analysis (SCA) for open source, and static application security testing (SAST) for proprietary code. Let’s take a look at what SLSA is and how its different levels work.

Uncover the CVE shocking truth - image vulnerabilities exposed and prioritized

Scanning container images is not enough; pinpointing the CVEs that actually impact your security posture is key. Public images are a key component of the cloud-native ecosystem. Also known as container images, they are pre-built, publicly available software packages that contain all the dependencies and configuration an application needs to run in a containerized environment.