The purpose of every security team is to provide confidentiality, integrity and availability of the systems in the organization. We call it “CIA Triad” for short. Of those three elements, integrity is a key element for most compliance and regulations. Some organizations have realized this and decided to implement File Integrity Monitoring (FIM). But many of them are doing so only to meet compliance requirements such as PCI DSS and ISO 27001.

Traditional security programs were predicated on protecting the typically internally hosted technology infrastructure and the data within that environment. This led to an ecosystem composed of numerous discrete tools and processes all intended to detect adversaries and prevent harm. It included a multitude of controls spanning network and infrastructure security, application security, access control, and process controls.

Veracode was recently named the winner of IT Central Station’s 2021 Peer Award for application security testing (AST). Winners were chosen based on reviews from verified customers to help prospective buyers make well-informed, smart business decisions. “Receiving positive feedback from our customers on the leading technology review site for cybersecurity, DevOps, and IT is a true testament to our products and services,” said Mark Bissell, Chief Customer Officer at Veracode.

Broken Access Control is #5 in the current OWASP Top Ten Most Critical Web Application Security Risks. It should be viewed in conjunction with Broken Authentication, currently the #2 risk.

We are seeing a renewed focus on accelerating digital transformation projects across business ecosystems and workflows within our customer base. These projects are enabling key business outcomes and this organizational transformation has given security and IT leaders the catalyst and opportunity to modernize security operations while eliminating on-premises debt.

The Cybersecurity Excellence Awards honor individuals, products and companies that demonstrate excellence, innovation and leadership in information security. Awards are given out based on a combination of the strength of individual nominations and a popular vote by members of the information security community. We were winners in the following categories: We also received a silver award in the Best Cybersecurity Company – Europe category.

The final part of this mini Red Team blog series discusses the benefits a Red Team Assessment will bring to your organisation. A security test of any sort is ultimately designed to see how your business can mitigate and learn from any issues found. Yes, compliance can come into this and passing and failing a test is a factor but creating a strong infrastructure to protect the business and customer interests is the key factor here.

Securely running workloads in Kubernetes can be difficult. Many different settings impact security throughout the Kubernetes API, requiring significant knowledge to implement correctly. One of the most powerful tools Kubernetes provides in this area are the securityContext settings that every Pod and Container manifest can leverage. In this cheatsheet, we will take a look at the various securityContext settings, explore what they mean and how you should use them.

As I’m writing this blog, malicious actors are actively exploiting vulnerabilities in the Microsoft Exchange Server software. These were zero-day exploits, which means that even organizations that were diligent in their patching were vulnerable. So far the estimates are that more than 60,000 organizations have been compromised.

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.