%term

Why to harden PowerShell and not remove it completely

Jun 22, 2022 By John Gates In CalCom

The National Security Agency (NSA) and partner cybersecurity authorities recently released an information sheet recommending proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely. PowerShell is a built-in scripting language and a command-line executor developed by Microsoft to provide a better interface for system administrators to simplify and automate administrative tasks.

Read Post

CalCom

Read more about Why to harden PowerShell and not remove it completely

Stranger Danger: Your Java Attack Surface Just Got Bigger

Jun 22, 2022 By Snyk In Snyk

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your Java Attack Surface Just Got Bigger

New Research from Snyk and The Linux Foundation Reveals Significant Security Concerns Resulting from Open Source Software Ubiquity

Jun 21, 2022 By Snyk In Snyk

The State of Open Source Security Highlights Many Organizations Lacking Strategies to Address Application Vulnerabilities Arising from Code Reuse.

Read Post

Snyk

Read more about New Research from Snyk and The Linux Foundation Reveals Significant Security Concerns Resulting from Open Source Software Ubiquity

3 Critical Best Practices of Software Supply Chain Security:

Jun 20, 2022 By Adam Murray In Mend

If your organization develops software and applications to deliver products and solutions, then more than likely you’re using third-party open source components to help create them. According to most estimates, open source components now make up over 80 percent of software products.

Read Post

Mend

Read more about 3 Critical Best Practices of Software Supply Chain Security:

How to secure Kubernetes Ingress?

Jun 20, 2022 By Ben Hirschberg In ARMO

Ingress aims to simplify the way you create access to your Kubernetes services by leveraging traffic routing rules that are defined during the creation of the Ingress resource. This ultimately allows you to expose HTTP and HTTPS from outside the Kubernetes cluster so you no longer need to expose each service separately—something that can be expensive and tedious as an application scales, resulting in an increase in services.

Read Post

ARMO

Read more about How to secure Kubernetes Ingress?

How to decide what to fix when you can't fix everything

Jun 17, 2022 By Tal Dromi, Product Manager In Snyk

Contributing to a legacy software development project, as a security-aware developer, is a bit like inheriting an old house. In my old house, the roof is missing tiles, the bathroom taps are dripping, the front door doesn't lock properly, the hallway needs redecorating and there are worrying cracks in the foundations. I don't know where to start. The security problems with the application I've recently (hypothetically) joined are similarly vexing and diverse. It has deprecated dependencies to older versions of software libraries. It could be misconfigured using insecure protocols.

Read Post

Snyk

Read more about How to decide what to fix when you can't fix everything

User Office Hours: Exploring Snyk IaC

Jun 16, 2022 By Snyk In Snyk

In this episode, we’ll take a look at Snyk IaC - how to use it, what problems it solves, and we’ll also look at the new drift functionality with special guest Stephane Jourdan Throughout the session you can ask us anything! Bring all of your Snyk questions and we’ll do our very best to answer them.

View Video

Snyk

Read more about User Office Hours: Exploring Snyk IaC

3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security

Jun 16, 2022 By Guy Bar-Gil In Mend

Developers love GitHub. It’s the biggest and most powerful collaboration platform that programmers, developers, and companies use to develop and maintain their software. It’s the biggest source code host with more than 200 million repositories. And it keeps growing. In 2021, more than 73 million developers used GitHub. It gained over 16 million new users in 2021 alone, and GitHub estimates that user numbers will increase to 100 million developers in the next five years.

Read Post

Mend

Read more about 3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security

Snyk and Sysdig: Secure Containers and Eliminate Noise from Code to Production

Jun 16, 2022 By Snyk In Snyk

Secure Containers and Eliminate Noise from Code to Production with Sysdig and Snyk. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Snyk and Sysdig: Secure Containers and Eliminate Noise from Code to Production

Certificate-Based Authentication Best Practices

Jun 15, 2022 By Sakshyam Shah In Teleport

In a certificate-based authentication, a user or machine proves their identity to the servers and networks with a certificate that is digitally signed by a certificate authority, a trusted centralized entity responsible for issuing and managing certificates. Many popular servers support certificate-based authentication, but people often opt-in for a password or key-based authentication to avoid certificate management overhead.

Read Post

Teleport

Read more about Certificate-Based Authentication Best Practices

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why to harden PowerShell and not remove it completely

Stranger Danger: Your Java Attack Surface Just Got Bigger

New Research from Snyk and The Linux Foundation Reveals Significant Security Concerns Resulting from Open Source Software Ubiquity

3 Critical Best Practices of Software Supply Chain Security:

How to secure Kubernetes Ingress?

How to decide what to fix when you can't fix everything

User Office Hours: Exploring Snyk IaC

3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security

Snyk and Sysdig: Secure Containers and Eliminate Noise from Code to Production

Certificate-Based Authentication Best Practices

Monthly Archive

Follow Us