
The Latest Trends in API Security: The 2023 OWASP API Security Top Ten

The Open Web Application Security Project (OWASP) has published the latest edition of its API Security Top Ten, which was first published in 2019. The API Security Top Ten is a significant daughter list of the OWASP Top Ten, one of the most definitive lists of the most severe web application risks. Why is this important? What are its main findings? And what does this mean for application security?

Setting up a Kubernetes cluster

Kubernetes is an open-source platform for governing clusters of containerized application services. Kubernetes automates the vital aspects of container lifecycle management, including scaling, replication, monitoring, and scheduling. The central component of Kubernetes is a cluster, which is itself made up of multiple physical or virtual machines.

Securing IaaS, PaaS and SaaS with a Cloud SIEM

As cloud computing continues to expand with no end in sight, it’s only wise to invest in it. Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service bring significant cost savings (personnel and ownership), improved performance, better reliability, freedom to scale and significant security benefits. It’s no wonder many businesses have already adopted all three of these models.

Why Dependency Management Reduces Your Enterprise's Technical Debt

There are many ways to incur technical debt, but the broadest reason it both exists and persists is that most applications are old and most software developers are working on new things. In an ideal world, agile organizations would have very little technical debt because they should always return to their code and improve it. But in the real world, the fast pace of continuous rollouts means agile organizations can be especially prone to collecting large amounts of technical debt.

Auto-resolve Incidents When Valid Secrets Are Revoked With GitGuardian Playbooks

Many teams choose to mark incidents as resolved once the secret involved has been revoked or rotated. With the GitGuardian auto-resolution playbook, you can automate the remediation process, saving you a step any time a credential becomes invalid. This works for both real-time detection and all historical incidents whenever an incident is re-checked for validity.

CIS Hardening and Configuration Security Guide

The Center for Internet Security (CIS) published an updated version of the CIS Controls: CIS Controls v8. The CIS Controls are a set of gold standard guidelines for organizations facing data security issues. These controls were developed to simplify and help IT ops and security teams remain focused on the essentials. The CIS updates its recommendations according to changes and new discoveries in the information security field. The 8th version of the CIS Controls was published in May 2021.

Announcing IaC+ early access: Secure your infrastructure configurations across the SDLC

Designing and maintaining secure infrastructure configurations from code to cloud is a complex process involving multiple technical teams and security stakeholders. The first challenge is writing secure infrastructure configurations pre-deployment.