Multi-Module Prioritize - Local Scan
This video in the series shows how to run a Multi-Module Prioritize Scan using the Unified Agent on a local machine.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Multi-Module Prioritize - CI/CD Scan
This video in the series shows how to run a Multi-Module Prioritize Scan using the Unified Agent within a CI/CD pipeline.
WhiteSource & Fortify SSC Integration
Are you using Fortify Software Security Center? WhiteSource can integrate with Fortify SSC and quickly detect open source artifacts and their known vulnerabilities and licensing risks. WhiteSource also provides all the information you need to fix these artifacts automatically.
RFDiscussion - Teleport Desktop Access
We'll deep dive into the Request for Discussion docs used to build Teleport Desktop Access.
FTC highlights the importance of securing Log4j and software supply chain
Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it’s encouraging to see the agency take this rare step, beginning to form a firm stance on software supply chain security. Although this increased scrutiny from the FTC may at first seem daunting, violations can be remediated with the right practices.
How to Set Up Two-Factor Authentication for SSH
One way to enhance SSH login security is by using two-factor authentication (2FA). This approach forces an administrator to self-identify with an additional security verification in addition to the local admin credentials. This tutorial guides you through setting up Google Authenticator PAM to enable 2FA for users connecting to SSH on a Linux server. We’ll use nano as our editor in examples.
The Missing Pieces in Securing your SDLC
Navigating the world of secure software development is hard. There is a lot of noise and not enough time to investigate everything thoroughly. Make your life and the lives of your colleagues easier by building a world-class DevSecOps automation pipeline. Automate feedback delivery in a way that makes sense. It doesn’t have to be hard; automate the pain away!
Demystifying DevOps-Pros, cons, dos & don'ts
We hear a lot about DevOps but how do we turn it from myth into reality? In this panel with Waleed Arshad, Community Manager at Snyk, Frank Dornberger, Team lead of DevSecOps at movingimage EVP GmbH, and Idir Ouhab Meskine, Staff Solutions Engineer at Splunk, we're go over: Waleed Arshad, Community Manager at Snyk Frank Dornberger, Teamlead DevSecOps at movingimage EVP GmbH Idir Ouhab Meskine, Staff Solutions Engineer at Splunk
SSH Client Config Files and How to Use Them
SSH client configuration files allow us to connect to servers with pre-configured commands. This saves typing each SSH command parameter when logging into a remote machine and executing commands on a remote device. This article will examine secure shell (SSH) client configuration (config) files and their functions. Specifically, we will show an example of an SSH client config file to learn how to use these files before creating an example config file that connects to a fictitious server.
The JNDI Strikes Back - Unauthenticated RCE in H2 Database Console
Very recently, the JFrog security research team has disclosed an issue in the H2 database console which was issued a critical CVE – CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). H2 is a very popular open-source Java SQL database offering a lightweight in-memory solution that doesn’t require data to be stored on disk.