Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Vulnerability Validation Increases Efficiency in DevSecOps

This is the second installment in a series about making DevSecOps work in your organization. In a previous post, we covered the first pillar of the DevSecOps model—discovery. In this post we discuss the second, which is validation. The reason this phase is so important to the DevSecOps model and for successful vulnerability management is that it’s the point where the software flaws that represent true risks are separated out from those that are not serious security risks.

What's Next for Log4j? Tales From the Trenches Panel

The recently discovered flaw in Apache’s Log4j software continues to stress security teams and put many organizations at risk. Because Log4j is very difficult to detect, many scanners may not detect it. Rezilion researchers conducted a survey using multiple open source and commercial scanning tools and assessed the tools against a dataset of packaged Java files where Log4j was nested and packaged in various formats. While no scanner was able to detect Log4j in all formats initially, several scanner makers were quick to respond and update their technology to find the bug.

Insight is the Key to Understanding Your Application's Security Posture

The official definition of insight is “the capacity to gain an accurate and deep intuitive understanding of a person or thing.” Having complete insight into your application’s security risks is the key to making them secure and compliant. Most organizations look at application security risk in individual silos of their application architectures and not how individual components interact with each other within the application architecture.

API Security Becomes Complete with Application Security Posture Management

Let’s face it – Application Programming Interfaces or APIs are a foundational part of modern applications. They are just as crucial as home-grown code, open-source packages, frameworks, and libraries in your application’s architecture. One of the questions I have heard for years while working with commercial enterprise applications is: do you have an API?

Discovery: The First Critical Pillar in a Successful DevSecOps Program

This is the first installment in a series about making DevSecOps work in your organization. The DevSecOps model, a key to enhancing software security at all phases of the development lifecycle, includes four pillars: Discovery, validation, prioritization and remediation. These are vital for eliminating vulnerabilities from software products, in a way that does not overly tax development and security team resources or lead to higher costs, greater friction and reduced productivity.