Honeytokens - Protect Your Holy Grail
When protecting your SDLC, you must choose. But choose wisely. For as the True Grail will bring you life. The False Grail will take it from you.
Going Beyond Unit Testing | How to Uncover Blind Spots in your Java Code with Fuzzing
Check out fuzz.ci/cli to try out the tool for yourself! While most Java developers already use unit testing to test whether their application behaves as expected, complementary testing approaches such as fuzz testing enable them to also check their applications for unexpected or strange behaviors that could lead to crashes and make them vulnerable to Denial of Service (Dos) attacks or Zero-Day exploits.
CrowdStrike Expands CrowdStrike Falcon Platform with Industry's Most Complete Adversary-Driven External Attack Surface Management Technology to Minimize Risk from Exposed Assets
CrowdStrike Falcon Surface supercharges CrowdStrike Falcon platform with EASM capabilities for an outside-in and inside-out perspective of the attack surface.
Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain
Meta has two of the largest social media platforms today, Facebook and Instagram. These platforms became the modern gateway for people not just to socialize and eavesdrop on the lives of famous personalities, but more importantly, to stay connected with their friends and loved ones. The sites also became effective channels for organizations to advertise and disseminate information.
Snyk in 30: Open source security for Atlassian Bitbucket Cloud
In our latest Snyk in 30, Jason Lane (Director of Product Marketing) and I (Marco Morales, Partner Solutions Architect) showcased Snyk Open Source with a focus on our integration with Bitbucket Cloud. They covered why open source security is vital for modern app development, along with tips on taking a holistic approach to application security that goes beyond just shifting left.
2023 Cyber Security Predictions
In a key bulletin published in August 2022, Tony Chaudhry, the Underwriting Director of Lloyds, addressed the risk posed by cyber security threats to the insurance industry, stating that “losses have the potential to greatly exceed what the insurance market is able to absorb”.
Exploring the Spring Security authorization bypass (CVE-2022-31692)
In early November, a new authorization bypass vulnerability was found in Spring Security 5. Now, before we panic let’s look into this problem to see if you are vulnerable. Although the vulnerability is classified as high, there is only a specific set of use cases that are vulnerable. This means that not everyone is vulnerable, and I will show that in a second. Regardless, the advice is to upgrade to the newer version of the Spring Security.
Getting IaC to work for DevSecOps
Prof. Avishai Wool, AlgoSec Co-Founder and CTO, provides his unique perspective on the value of IaC to DevSecOps and how it can anable organizations to deploy applications faster and avoid risky configuration mistakes early in the game.
Dark Data: What is it? How can you best utilize it?
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Data continues to be a valuable asset for an organization and plays a crucial role in making operational and strategic business decisions. With the growth of hybrid, private, and multi-cloud models, much of the data is stored on these platforms and becomes vulnerable to malicious activities and potential data leaks.
Netskope Client: Enabling a Secure Borderless Workforce
In order to enable and sustain an effective and secure hybrid work environment, enterprises need security that can deliver protection anywhere, stop modern threats, ensure compliance, and maintain consistent policies across both on-premise and remote locations.