%term

Identifying and Avoiding Malicious Packages

Mar 14, 2022 By JFrog In JFrog

Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar, hosted by JFrog Director of Threat Research Jonathan Sar Shalom, will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.

View Video

JFrog

Read more about Identifying and Avoiding Malicious Packages

Artifactory Integration - Plugin Upgrade

Mar 14, 2022 By Mend In Mend

This is a short tutorial on migrating the WhiteSource JFrog Artifactory plugin from any version before 21.12.1 to version 21.12.1

View Video

Mend

Read more about Artifactory Integration - Plugin Upgrade

Announcing Snyk free security for open source projects

Mar 14, 2022 By Snyk In Snyk

Snyk announces expanded free offerings for open source project maintainers including unlimited scans across our platform and additional features. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Announcing Snyk free security for open source projects

Why Single Sign On Sucks

Mar 11, 2022 By Ben Arent In Teleport

A month ago I tweeted about my annoyance with SSO or Single Sign On. While single is in the name, I’m required to “single sign on” multiple times a day. I’m not the only one; the tweet went viral with over 25k likes and 2 Million impressions. The tongue-in-check tweet created a lot of fun responses and more rage against SSO user experience than I expected. SSO was meant to solve password fatigue but we got something worse.

Read Post

Teleport

Read more about Why Single Sign On Sucks

This Week in VulnDB - 10th March 2022

Mar 10, 2022 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB - 10th March 2022

How To Address SAST False Positives In Application Security Testing

Mar 10, 2022 By Alfrick Opidi In Mend

Static Application Security Testing (SAST) is an effective and well-established application security testing technology. It allows developers to create high-quality and secure software that is resistant to the kinds of attacks that have grown more prevalent in recent years. However, the challenge with SAST is that it tends to produce a high number of false positives that waste the time of your engineering team. In this blog we take a look at SAST and the problem of false positives.

Read Post

Mend

Read more about How To Address SAST False Positives In Application Security Testing

How to Set-up an Identity-Aware Access Proxy as a Bastion Host in AWS

Mar 10, 2022 By Janakiram MSV In Teleport

More and more business-critical applications run on Amazon Web Services. Protecting these mission-critical applications from potential attacks requires moving beyond typical security approaches such as using only a jump box or firewall to control access. This multi-part tutorial will show how DevOps teams can secure their AWS services using a zero-trust, identity-based approach that not only increases security, but improves developer productivity.

Read Post

Teleport

Read more about How to Set-up an Identity-Aware Access Proxy as a Bastion Host in AWS

Cross-Account and Cross-Cluster Restore of Kubernetes Applications

Mar 10, 2022 By CloudCasa In CloudCasa

Cross-Account and Cross-Cluster Restore of Kubernetes Applications Using CloudCasa. Users can now browse and map the available storage classes in the source and destination cluster when restoring. When performing cross-account Kubernetes restores in AWS, the system will now automatically handle changing volume IDs for PVs. Additionally, when creating an EKS cluster on restore, CloudCasa now allows customization of the IAM role, security group, VPC group etc. to be used in the new account.

View Video

CloudCasa

Read more about Cross-Account and Cross-Cluster Restore of Kubernetes Applications

A Day In The Life of A Service Company CISO - Caroline Wong

Mar 10, 2022 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about A Day In The Life of A Service Company CISO - Caroline Wong

How to Mitigate the Risks of Software Supply Chain Security

Mar 10, 2022 By Snyk In Snyk

In this video, Lawrence Crowther, Head of Solutions Engineering at Snyk, and Pas Apicella, Principal Solutions Engineer at Snyk, discuss the ways to mitigate risks in software supply chain security.

View Video

Snyk

Read more about How to Mitigate the Risks of Software Supply Chain Security

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Identifying and Avoiding Malicious Packages

Artifactory Integration - Plugin Upgrade

Announcing Snyk free security for open source projects

Why Single Sign On Sucks

This Week in VulnDB - 10th March 2022

How To Address SAST False Positives In Application Security Testing

How to Set-up an Identity-Aware Access Proxy as a Bastion Host in AWS

Cross-Account and Cross-Cluster Restore of Kubernetes Applications

A Day In The Life of A Service Company CISO - Caroline Wong

How to Mitigate the Risks of Software Supply Chain Security

Monthly Archive

Follow Us