Application Programming Interfaces (APIs) have become the backbone of modern applications. They enable seamless interaction between different software systems, allowing businesses to innovate rapidly. With the proliferation of APIs comes an increased risk of security vulnerabilities. Ensuring API security is crucial to safeguarding sensitive data, maintaining user trust and protecting the integrity of applications.
By Andreas Wiese
Historically, security programs have struggled when they fail to include developers and partner teams, often falling into the trap of focusing solely on the security team’s needs. This approach has led to a disconnect between security and development teams, resulting in ineffective vulnerability management and often strained relationships.
By Andreas Wiese
The shift towards a proactive cybersecurity mindset has been steadily gaining momentum. Industry experts have emphasized the importance of best practices for implementation and the role of security orchestration. By integrating modern threat intelligence solutions into vulnerability management platforms, forward-thinking enterprises can become more proactive in their fight against cyber threats.
In this blog, we are going to take a closer look at the concept of Fuzzing, using Go, and how to integrate it into your CI/CD pipeline. As a quick primer, Fuzzing is an automated testing technique that involves feeding random, unexpected, or invalid data to a program or API to uncover bugs and vulnerabilities. The core idea is to expose the program to inputs that developers may not have anticipated, thereby revealing flaws such as crashes, memory leaks, and security vulnerabilities.
By Ali Köse
CVE-2024-32002 was published on May 15, 2024 and affects versions of Git SCM. The vulnerability exploits a bug where Git can be fooled into writing files into a .git/ directory instead of a submodule's worktree. To fully mitigate this vulnerability, additional steps need to be taken beyond updating.
By Cenk Kalpakoğlu
During this year’s RSA conference in San Francisco, we announced our exciting new platform capability: “Bring-Your-Own-Data” (BYOD), which allows customers to integrate their unique data streams into the Kondukto Platform. Integrating diverse sets of data has become critical for AppSec. “Bring-Your-Own-Data” drastically improves visibility for security teams into the application security stack of complex environments.
CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.
By Cenk Kalpakoğlu
Addressing the security intricacies of sophisticated automation frameworks, in our case the Continuous Integration/Continuous Deployment (CI/CD) environments, is always challenging. The inherent complexity of such environments, characterized by the multitude of components that are each performing distinct tasks, necessitates a dynamic and adaptable rule engine to ensure the security of our pipelines.
By Andreas Wiese
This blog post dives into four essential strategies to enhance AppSec accountability: establishing clear security policies, utilizing advanced tools and automation, fostering a security-conscious culture, and implementing security orchestration. Readers will gain valuable insights into aligning their cybersecurity measures with business goals, ensuring a robust and strategic AppSec framework.
By Cenk Kalpakoğlu
During the Open Security Summit 2024, Yahoo! Principal Security Engineer Mert Coskuner and Kondukto CEO & Co-Founder Cenk Kalpakoglu delved into the intriguing topic of securing CI Runners through eBPF agents. Although the title might seem unconventional, it reflects their creative approach to solving security challenges in continuous integration environments. With the rapid digital transformation of businesses, there has been an increasing focus on supply chain attacks and their impact on security.
By Kondukto
In this episode, Alex Krasnov from Meta shares his thoughts on supply chain security tools and processes, the impact of government mandates on the evolution of the industry, and what lies ahead.
By Kondukto
In this episode, we talk with Rami McCarthy from Figma about best practices in security programs, including the roles of developers and effective triage and remediation processes.
By Kondukto
In this proof-of-concept work, Kondukto integrates with OpenAI to get vulnerability remediation advice for all your security testing results. OpenAI is an artificial intelligence research laboratory that surprised the world with ChatGPT. It was founded in San Francisco in late 2015 by Sam Altman, Elon Musk and many others. ChatGPT grabbed 1M people's attention in the first six days, and screenshots of astonishing AI-human conversations are still being shared.
By Kondukto
Kondukto allows you to set SLA levels for your vulnerabilities and easily track the ones that are overdue.
By Kondukto
You can easily activate Nuclei on Kondukto and scan your applications in no time.
By Kondukto
On Kondukto you can also apply automated workflows to vulnerabilities that are manually imported into Kondukto. In this video, you can see how Kondukto automatically creates issues in issue managers and sends notifications as soon as a new file is imported.
By Kondukto
With Kondukto, an action taken on a vulnerability discovered in one branch is automatically reflected on the same vulnerability discovered in a different branch.
By Kondukto
With Kondukto's Secure Code Warrior integration, you can send training videos to your developers to raise awareness about certain types of vulnerabilities.
By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Avatao with a single click on Kondukto.
By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Codebashing with a single click on Kondukto.