Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to hack a vulnerable OWASP Node.js Apps We are back with part 2 of this livestream. Join us as we demonstrate how you can use the Node.js app. We also show the various ways it can be hacked so you can learn how to prevent it. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

Netwrix StealthDEFEND helps protect your Active Directory and data by catching even highly sophisticated attacks in their early stages, responding automatically, and quickly getting the full insight required to recover and strengthen your defenses.

Privileged credentials are some of the highest-value targets for cybercriminals – is your organization still hard-coding credentials and putting itself at risk? Keeper Secrets Manager is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Watch this recorded webinar to learn how to secure your environment and eliminate secrets sprawl with Keeper Secrets Manager – ​​finally remove hard-coded credentials forever!

The NIST Cybersecurity Framework (CSF) provides a list of best practices organizations can follow to maintain a secure environment. At first glance, the list can seem quite complex! When Sedara works with a client to improve their security posture, we do in-depth information gathering. The questions asked might include things like: How do you keep your computer systems updated? How often are they updated? How do you manage adding access for new hires, and ending access for terminations? Do you provide your staff training so they are up-to-date on security threats?

In this video we talk with two security leaders, very well known, from the Bay Area - Mike Hamilton and Barak Engel. A variety of topics, including software supply chain, data governance and APIs amongst many are discussed.

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivaled source of evidence and visibility. Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.

In this video, learn about the Snyk IaC integration with HashiCorp Terraform Cloud and Terraform Enterprise, which enable developers to automate security checks and ensure public cloud environments are secure and compliant pre-deployment — directly in their Terraform Cloud pipelines.

Take a view at the many visibility features available within WatchGuard Cloud.

This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI was able to catch and arrest an ex-NSA insider trying to sell sensitive national security data to a supposed Russian adversary.

In this interview, we speak to Eyal Ben Moshe, Head of the Ecosystem Engineering Group at JFrog, about the importance of shifting left and providing tools for developers to keep their software secure. He specifically discusses the release of Frogbit and Docker Desktop Extension and teases the BuildInfo resource, the metadata associated with a build in Artifactory.