May 6, 2022
|
By Gary Robinson
Software development has evolved into an incredibly complex machine, with several moving parts to keep track of. Teams get more extensive, and software systems become more complicated as time goes on. Consequently, it has become essential for organisations to structure and plan the road to a final product. This article will cover the concept of a software development lifecycle and its typical applications in a modern environment.
May 6, 2022
|
By Gary Robinson
Security teams frequently struggle with the volume of alerts and issues they are tasked with daily. On average, most enterprises receive between 10,000 and 150,000 a day. Regardless of how large a security team may be, manually going through alerts like this is an almost impossible task. In this article we’ll be covering one of the methodologies that help with improving software security: Security Orchestration Automation and Response (SOAR).
Apr 25, 2022
|
By Gary Robinson
Application Security is a constantly evolving industry, with new threats and methods to combat them appearing regularly. One of the more recent methodologies to combat these threats is Application Security Orchestration and Correlation (ASOC), which centralises these different technologies and integrates them at all development points. This article will cover the benefits of ASOC and how it works, and what you should look for in good ASOC tools.
Apr 14, 2022
|
By Raquel Soares
The application security (AppSec) industry moves fast. Development, security and operations (DevSecOps) practitioners are having to find creative approaches to drive productivity, efficiency and enhanced security across software development. At Uleska, we speak to a lot of people who either simply don’t know where to start or who get caught up in processes that become difficult to scale.
Apr 7, 2022
|
By Raquel Soares
We know starting your application security (AppSec) journey can be a little overwhelming. After all, choosing your tools from scratch and setting yourself up for scalable security assurance has been a challenge. Until now. In a recent webinar, Gary Robinson and Martin Hewitt from Uleska walked us through Uleska’s Toolkits feature that lets users easily configure AppSec tools for continued, reusable use across all of your applications.
Mar 23, 2022
|
By Raquel Soares
Application Security is defined by developing, adding, and testing security features in an application or website. Taking these measures can prevent hostile attacks from malicious users and stop sensitive data or systems from being exposed.
Mar 9, 2022
|
By Raquel Soares
Did you know that over 79% of developers surveyed in 2020 stated their applications had 20 or more vulnerabilities on average? As the digital world evolves, so to do its inhabitants. Cyber security attacks are higher than ever, and application security is quickly becoming more and more important with each passing day. An important step that an organisation can take to begin resolving these vulnerabilities is through Vulnerability Assessment (VA).
Feb 24, 2022
|
By Raquel Soares
No system is perfectly secure, as proven by software analysis firm CAST, which reviewed 278 million lines of code and discovered more than 1.3 million vulnerabilities caused by errors and poor code practices. Because of this, organisations should have a plan of action (known as Vulnerability Management) on how to handle these vulnerabilities.
Feb 22, 2022
|
By Gary Robinson
There are thousands of amazing AppSec tools out there, but this can be both a blessing and a curse. While the headway and innovation we are seeing across these kinds of tools signal big things for the DevSecOps industry, it’s nothing short of a pain when it comes to configuration, deployment and introducing new tools into the mix.
Feb 17, 2022
|
By Gary Robinson
Building robust application security is a lot like building a house—you want it done thoroughly, without any missing parts. However, there is a difference between missing a lick of paint and missing an entire beam in the foundations of the building. One might look a little odd, the other could collapse the whole house.In the world of DevSecOps, calculating risk is a constant exercise.
May 5, 2022
|
By Uleska
Toolkits for DevSecOps: what are they and how do they work? Aligning with the launch of Toolkits - the latest product feature from Uleska that lets users easily configure AppSec tools for continued, reusable use across all your applications - we are hosting a webinar that will take viewers through what this product is, how it can be used to simplify processes, as well as practical examples of it being put to use.
Apr 26, 2022
|
By Uleska
You’re a security engineer who wants the automation of all your security tools to work the same across all your teams. You don’t want everyone to see all projects and all issues. Teams want visibility of their own projects and not be distracted. It’s very likely that you don’t want a complicated setup for users to view security tools, or logs of security runs. Especially when people change teams or leave.
Apr 26, 2022
|
By Uleska
Let’s say you are a security engineer who’s running multiple security tools and you need to report on performance / security metrics on a frequent basis - continual improvement. You know better than anybody that pulling insights from different tools, continually, and reporting on security metrics (types of issues, risk levels, or issue #) changing over time, takes you ages to do manually, and it’s difficult to automate across lots of tools and teams. Time is a constraint and speed is a must.
Jan 18, 2022
|
By Uleska
One of the biggest challenges when rolling out a DevSecOps process is the volume of issues it can bring to light. From a development point of view, we don’t want the implementation of security in DevOps to give the dev team massive lists of vulnerabilities to check over on every build or release. We want to avoid anything that might cause unforeseen delays to keep everything on track - but we also want the application to be secure.
Jan 18, 2022
|
By Uleska
Many security departments and management teams want to improve their processes. DevSecOps introduces the ability for much more granular measurements than traditional manual security testing. Even simple measures can highlight gaps and areas for improvement where the budget can be spent. In this video Founder and CSO, Gary Robinson, takes a closer look at the challenges of KPI metrics for software testing.
Dec 13, 2021
|
By Uleska
Better collaboration between teams, faster time to market, improved overall productivity and enhanced customer satisfaction are just some of the benefits you can reap from successful DevSecOps. However, it’s not just a matter of wrapping a few security tool APIs into your favourite CI tool and calling it a day. DevSecOps programs and tooling grow and mature, as new tools are added, teams come onboard and processes update. You don’t want to clog up and confuse your CI/CD pipelines with constant changes to accommodate DevSecOps.
Dec 3, 2021
|
By Uleska
DevSecOps encourages security tasks to be wrapped and enabled with software development and operations tasks. The aim is to make them as seamless as possible while adding security value - and not more work. Identifying vulnerabilities is essential but it’s also time-consuming and often costly. Staples like CI/CD tools have seen widespread adoption, serving as a wake-up call for development teams about the genuine need for secure code at speed. How do companies and teams answer that call?
Nov 11, 2021
|
By Uleska
"What application security tools do I need?” This is the number one question we hear from security engineers rolling out an application security programme. It’s a good question. There are not only a lot of tools out there, but a lot of different types of tools. And application vulnerabilities are the number one target for cyber attacks – so securing your application with the right tooling is essential.
Sep 16, 2021
|
By Uleska
DevSecOps can automate risk-based decisions and speeds things up in the process. It also keeps developers and security teams sane by allowing them to focus on what needs fixing and not sweating the small bugs. But how can we get to such a state of peace, we hear you ask? In this session, we’ll discuss how to quickly address risk in your AppSec program.
Sep 3, 2021
|
By Uleska
This video shows how you can take an existing security test or script, and within 20 minutes have it integrated to the Uleska Platform for any of your projects to use.
Nov 16, 2021
|
By Uleska
Automating DevSecOps can be a challenge That's why you need this e-book to learn more about the top ten challenges companies face when it comes to automating DevSecOps and how to overcome them. What's in it for you?
- May 2022 (3)
- April 2022 (5)
- March 2022 (2)
- February 2022 (5)
- January 2022 (6)
- December 2021 (6)
- November 2021 (6)
- September 2021 (5)
- August 2021 (4)
- July 2021 (1)
- June 2021 (2)
- July 2020 (1)
- January 2020 (1)
- November 2019 (4)
Uleska is an application security automation platform. We help security and development teams manage application security at scale.
A good DevSecOps program gives you more control, yet gets out of the way. Easily control the execution and coverage of security tooling, while sending important or new issues to Slack, Jira, or your favourite interface.
Security engineers are fighting a losing battle. Often vastly outnumbered by developers, they’re responsible for the security of code they played no part in writing. Even when they can carry out testing, they’re seen as a bottleneck that slows down the whole process. Uleska switches manual processes to automatic ones, giving SecOps the tools needed to raise standards and awareness.
An extra pair of hands for a secure development life cycle:
- Total transparency: Spot all your current vulnerabilities in your software with a one-stop integrated solution.
- Eliminate false positives: Stop making educated guesses and prioritise the right vulnerabilities at the right time of the development process.
- Simple integrations that scale: Access vulnerability information during the CI build process with reliable and repeatable CI platform integrations.
The Smarter Way To Scale Your Application Security.