The not-so-distant memories of security events like Log4Shell and the SolarWinds attack keep software supply chain attacks front of mind for developers. There are things organizations can do to detect and deter malicious supply chain attacks, including the recently mandated (as per the U.S. federal government) software bill of materials (SBOM).
On March 2nd, 2023, the Biden-Harris Administration released a fact sheet announcing the National Cybersecurity Strategy, which outlines their vision for securing the nation's digital infrastructure and ensuring the safety of American citizens online. This strategy addresses the growing number of cyber threats facing the United States, including ransomware attacks, supply chain vulnerabilities, and state-sponsored hacking.
March 15, 2023 marked the 10-year anniversary of Solomon Hyke's famous PyCon lightning talk, when he introduced the world to Docker. Let’s look back at how much has changed and hear from some folks who have stories about blazing the trail toward the containerized world we live in today.
Amazon Web Services (AWS) remains the dominant cloud provider, with 40.8% of the market share. Many enterprises and organizations today have some, if not most, of their infrastructure on Amazon Web Services. AWS helps organizations accelerate their digital transformations and innovate faster, but there are common misconfigurations when moving to AWS.
Developers use open source code because it facilitates fast development. In fact, the vast majority of code in modern applications is open source. But just like any other code, open source libraries are open to vulnerabilities that can negatively affect a wide range of end-user products. So with widespread usage of open source, it's important for teams to be aware of the risks that can be hidden in the libraries they use.
Cross-Site Scripting (XSS) is a type of vulnerability that involves manipulating user interaction with a web application to compromise a user's browser environment. These vulnerabilities can affect many web apps, including those built with modern frameworks such as Django. Since XSS attacks are so prevalent, it's essential to safeguard your applications against them. This guide discusses how XSS vulnerabilities originate in Django apps and what you can do to mitigate them.
Establishing a thriving security culture across your organization will rely heavily on your developer teams. Therefore, engaging with developers early and often while you build your security program is vital. In this playbook for Chief Information Security Officers (CISOs), we explore how to build a security culture across your organization by considering the following three things.