Kondukto

Wilmington, NC, USA
2019
By Kondukto Security Team
CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.
By Cenk Kalpakoğlu
Addressing the security intricacies of sophisticated automation frameworks, in our case the Continuous Integration/Continuous Deployment (CI/CD) environments, is always challenging. The inherent complexity of such environments, characterized by the multitude of components that are each performing distinct tasks, necessitates a dynamic and adaptable rule engine to ensure the security of our pipelines.
By Andreas Wiese
This blog post dives into four essential strategies to enhance AppSec accountability: establishing clear security policies, utilizing advanced tools and automation, fostering a security-conscious culture, and implementing security orchestration. Readers will gain valuable insights into aligning their cybersecurity measures with business goals, ensuring a robust and strategic AppSec framework.
By Cenk Kalpakoğlu
During the Open Security Summit 2024, Yahoo! Principal Security Engineer Mert Coskuner and Kondukto CEO & Co-Founder Cenk Kalpakoglu delved into the intriguing topic of securing CI Runners through eBPF agents. Although the title might seem unconventional, it reflects their creative approach to solving security challenges in continuous integration environments. With the rapid digital transformation of businesses, there has been an increasing focus on supply chain attacks and their impact on security.
By Cenk Kalpakoğlu
CI/CD pipelines are formed by a series of steps that automate the process of software delivery. They integrate the practices of Continuous Integration (CI) and Continuous Delivery (CD) along with the tools, platforms, and repositories that enable them. Their goal is to simplify, streamline and automate large parts of the software development process.
By Andreas Wiese
Picture a domino effect in the business world: one weak link in a supply chain triggers a cascade of disruptions. This is the reality of supply chain attacks, where a minor breach can escalate into a major crisis. It underscores the urgent need for robust security across the whole supply chain. Supply chain attacks represent a sophisticated threat to organizations, often involving multiple stages of exploitation.
By Andreas Wiese
In the fast-paced field of software development, ensuring applications remain functional and secure through updates is essential. Regression testing, which checks that new code doesn't harm existing features, is key. Dynamic Application Security Testing (DAST) tools play a crucial role here. They identify security flaws in active web applications. This article explores the importance of DAST tools, integration, and enhancement in regression testing.
By Kondukto Security Team
CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.
By Kondukto Security Team
This is an overview of the CVE-2023-40598 vulnerability, which affects Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. We will explain the nature of the vulnerability, how it can be exploited, and how it can be fixed. We will also provide code examples, links to web pages with valuable information, and tips on how to prevent similar vulnerabilities in the future.
By Can Taylan Bilgin
Have you ever thought there could be a smarter way to handle your organization's app security? In this blog post we're going to provide an overview of modern Security Orchestration, show how it fits perfectly with DevSecOps and how to make sure that security is part of your software development lifecycle right from the start.
By Kondukto
In this episode, Alex Krasnov from Meta shares his thoughts on supply chain security tools and processes, the impact of government mandates on the evolution of the industry, and what lies ahead.
By Kondukto
In this episode, we talk with Rami McCarthy from Figma about best practices in security programs, including the roles of developers and effective triage and remediation processes.
By Kondukto
In this proof-of-concept work, Kondukto integrates with OpenAI to obtain vulnerability remediation advice for all your security testing results. OpenAI is an artificial intelligence research laboratory that surprised the world with ChatGPT. It was founded in San Francisco in late 2015 by Sam Altman, Elon Musk, and many others. ChatGPT grabbed the attention of 1M people in its first six days, and screenshots of remarkable AI-human conversations are still being shared.
By Kondukto
Kondukto allows you to set SLA levels for your vulnerabilities and easily track the ones that are overdue.
By Kondukto
You can easily activate Nuclei on Kondukto and scan your applications in no time.
By Kondukto
On Kondukto you can also apply automated workflows to vulnerabilities that are manually imported into Kondukto. In this video, you can see how Kondukto automatically creates issues in issue managers and sends notifications as soon as a new file is imported.
By Kondukto
With Kondukto, an action taken on a vulnerability discovered in one branch is automatically reflected on the same vulnerability discovered in a different branch.
By Kondukto
With Kondukto's Secure Code Warrior integration, you can send training videos to your developers to raise awareness about specific types of vulnerabilities.
By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Avatao with a single click on Kondukto.
By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Codebashing with a single click on Kondukto.

The Kondukto Platform is the ultimate tool for application security teams, allowing them to effortlessly transform vulnerability management, giving back the time, focus, and insight they need to succeed.

Instantly get all security testing tool results in a single view, automate vulnerability remediation workflows and manage risks with key security performance indicators (KPIs).

Effortless efficiency that saves time and money:

  • Gain visibility & insight: Speed up the prioritization process with the power of orchestration and automation.
  • Remediate faster: Reduce distraction and low value work to speed up remediation.
  • Boost learning and accountability: Support a culture of continuous improvement with our developer-level vulnerability data.

Accelerate triage and remediation with AppSec orchestration.