Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



Why DevSecOps Teams Need Secrets Management

Proper IT secrets management is essential to protecting your organization from cyberthreats, particularly in DevOps environments, where common CI/CD pipeline tools such as Jenkins, Ansible, GitHub Actions, and Azure DevOps use secrets to access databases, SSH servers, HTTPS services and other highly sensitive systems.


The job of every security professional is to decipher buzzwords created by analysts and vendors. ASOC and ASPM are the latest, which are increasingly relevant in 2023 as applications become cloud-native (more distributed tech) and incorporate CI/CD (loads of f***king changes). In this post, I shall try to explain what ASOC and ASPM are, why they are relevant, and how they compare.

Twitter Hack: How to Scrape Sensitive Data

Many past social media breaches resulted from scraping. Most recently, a hacker scraped over 400 million records from Twitter. And it’s only a matter of time before another data breach occurs using the same technique. In this blog, I’ll explain how hackers scraped those user records from Twitter and how to mitigate these attacks.

Veracode Research Reveals Steps to Reduce Introduction and Accumulation of Security Flaws as Apps Grow and Age

Over 30 Percent of Applications Contain Flaws at First Scan; By Five Years, Nearly 70 Percent of Apps Have At Least One Flaw. Scanning via API, Hands-on Security Training, and Scan Frequency Identified as Key Factors to Reduce Flaw Introduction Over Time.

Wiz and Bionic Integrate to Offer Unified Cloud-Native Security

Today, we’re pleased to announce a partnership with the industry leader in cloud security, Wiz, to provide next-generation Cloud and Application Security. The Wiz + Bionic partnership will help customers manage security and business risk that comes with two of the greatest challenges in technology: ephemeral, cloud-native services and highly dynamic, rapidly changing applications in production.


DevSecOps and log analysis: improving application security

More and more organizations are abandoning the outdated waterfall development methodology for more practical and efficient Agile development practices. As this movement has occurred, development teams are moving faster than ever by employing Continuous Integration (CI) and Continuous Deployment (CD) practices that are serving to shorten development cycles and get new features into production faster. This does, however, come with greater security risk in some respects.


Using DevSecOps to Improve Your Vulnerability Management Program

The basic idea behind DevSecOps is to introduce security as early as possible in the software development life cycle (SDLC). At the same time, the model can lead to increased collaboration between development and security teams as part of the effort to integrate security into the SDLC. In other words, DevSecOps provides an excellent foundation for an effective vulnerability management strategy.

Calculating Your Application Security Posture

Applications are your business. Your customers see more value every time engineers push code. And that’s why your engineers are continuously empowered to move faster. But, with all these changes in production, your application security posture is morphing. Enter the application security team. They exert a massive amount of effort on risk remediation. And now, you’re asking yourself questions like: Many security teams struggle to answer those questions.