Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



3 tips for effective developer security training

“This is the golden era of application security,” says Founder of Manicode Security and secure coding trainer Jim Manico on episode 26 of The Secure Developer podcast. Ten years ago, Manico says, security training was “a quirky thing to do — something to do on the side.” Now, assessment tools are mature, good literature on assessment makes knowledge more accessible, and a wide range of intelligent people are building secure applications.


10 AWS security considerations when migrating

Cloud data storage has many practical advantages over traditional data centers, but making a move also comes with many unique security considerations. When moving to AWS, begin how you wish to continue. Companies that transition to cloud data storage must update their approach to information security to protect their data. Setting up proper security practices during migration will help future teams securely and efficiently deliver applications and features.

How to Migrate Snyk to the new Bitbucket Cloud App Integration

Snyk has a new and improved Bitbucket Cloud App. The new Snyk Security for Bitbucket Cloud App features the same Bitbucket experience with a streamlined onboarding process and improved enterprise functionality. Here's how to migrate your existing Snyk as Bitbucket Cloud App (Legacy)—to the new Bitbucket Cloud App integration.

Can gamification unite development and security?

Despite years of effort encouraging a DevSecOps approach, development and security teams tend to remain divided. For example, according to 2020 research, 65% of security professionals reported that their companies had successfully shifted security left. Good, right? But the same research also shows that almost a third of people believe the security team is primarily responsible for security — despite shifting left.

Stranger Danger: Your Java Attack Surface Just Got Bigger

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

How to use GitHub Actions environment variables

To improve the efficiency of releasing working code into a production environment, implementing a continuous integration and continuous delivery (CI/CD) pipeline is a great practice. These pipelines automate the process of checking that a code change is ready for release and provides tools to automate the release to a production environment. One popular way to do this is to use your existing version control system.


Writing unit tests in Java

Testing is a crucial best practice when developing software. Unit testing is one of the numerous strategies we can use to ensure our code is functional and optimal. As developers, we can code unit tests to check individual components (units) of the application code, such as a specific method. The idea is to write one or more unit tests for each code section and run them every time a change is made to catch defects as soon as they are introduced into the codebase.


Dependency injection in JavaScript

Inversion of control (IoC) techniques give developers a way to break out of traditional programming flow, and it offers them more flexibility and greater control over their code. Dependency injection, one form of IoC, is a pattern that aims to separate the concerns of constructing objects and using them. In this article, you’ll learn what dependency injection is, when you should use it, and what popular JavaScript frameworks it’s implemented in.


Setting up SSL/TLS for Kubernetes Ingress

Today, web and mobile applications and API-based microservice endpoints are becoming the default. These applications are reachable through the HTTP web protocol. The encryption provided by a Secured Socket Layer or Transport Layer Security (SSL/TLS) is a must to secure the communication between client and server and across API back-ends. SSL/TLS are certificate-based encryption mechanisms. SSL has been the standard for over 20 years.