Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

jfrog

CVE-2020-27304 - RCE via Directory Traversal in CivetWeb HTTP server

Oct 19, 2021 By Denys Vozniuk and Shachar Menashe In JFrog

JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304.

Read Post
Snyk

Securing S3 bucket configuration and access with Snyk & Solvo

Oct 18, 2021 By Lauren Place, David Hendri In Snyk

Solvo is empowering developers and DevOps engineers by enabling them to run their cloud infrastructure with least privilege access, at speed and scale. In this article, we’ll go through a workflow combining Solvo’s automatic platform with Snyk Infrastructure as Code (Snyk IaC) to create customized and secured access from a Lambda function to an AWS S3 bucket. This blog was originally posted on the Solvo website.

Read Post
rezilion

Cybersecurity Awareness Month: 4 Ways to Tackle the Cybersecurity Skills Gap

Oct 18, 2021 By Rezilion In Rezilion

The security skills gap continues to be a serious issue for organizations and there are no signs that things will get better soon. A June 2021 report by security professionals organization Information Systems Security Association (ISSA) and technology research firm Enterprise Strategy Group (ESG) finds the cybersecurity skills crisis continues on a downward, multi-year trend of bad to worse, and has impacted more than half of the 489 organizations surveyed.

Read Post
mend

How To Transition Your Team From DevOps To DevSecOps

Oct 14, 2021 By Alfrick Opidi In Mend

DevOps has transformed the software development industry. The merging of development (Dev) and operations (Ops) teams has largely contributed to quick and effective software releases. The continuous evolution of the application security threat landscape requires organizations to integrate security into the DevOps culture. Thus, DevSecOps has emerged to extend the capabilities of DevOps and enable enterprises to release secure software faster.

Read Post
Snyk

Snyk Code adds Go security scanning (beta)

Oct 14, 2021 By Frank Fischer In Snyk

Snyk Code was launched at the beginning of 2021, and since then it has come a long way in a short time. As a developer-first security tool, it offers an intuitive UI and CLI, embeds in popular IDEs, provides actionable fix recommendations, and scans with industry-leading, real-time speeds and high accuracy. On top of that, it’s all backed by ML-driven algorithms that learn from the global developer community, growing its robust knowledge base exponentially.

Read Post

Embracing Developer-First Practices for the Cloud Era with Snyk Founder and President Guy Podjarny

Oct 13, 2021 By Snyk In Snyk
In this video, Guy Podjarny, Founder of Snyk discussed the importance of embracing developer-first practices for the cloud era. Guy also shared Snyk's unshakeable dedication to developer and security teams as well as its original vision.
View Video
teleport

Running IT at a Hyper Growth Startup

Oct 13, 2021 By Travis Gary In Teleport

At Teleport we do IT a little differently — supporting a global remote company in hypergrowth is no easy feat and the playbook is different from traditional IT work. In this article, we want to share some of our IT philosophies that enable our employees to keep their agility despite working very asynchronously around the world.

Read Post
Subscribe to DevOps

Copyright © 2024 OpsMatters™. All rights reserved.