As DevOps turns to multi-cloud, workload containerization, and infrastructure-as-code, securing and distributing secrets across teams and environments has become a complex undertaking. Left unmanaged, this leads to secrets sprawl; in other words, the exposure of credentials in source control servers, DevOps tools, and every component that makes up the software development life cycle (SDLC). With exposed secrets, attackers can easily access an organization’s critical resources. They can breach the perimeter to carry out attacks, hijack computing power, exfiltrate customer data and compromise the integrity of the software supply chain.

JavaScript is widely used in both backend and frontend applications. Crashes that cause downtime or other security issues are very common in NodeJS packages. Jazzer.js makes it easy for developers to find such edge cases. In this live stream, Norbert will show you how to secure JavaScript applications using the open-source fuzzer Jazzer.js.

With JFrog Advanced Security, you can now intelligently deliver secure software at speed and scale with the industry’s only DevOps-centric security solution. The new advanced security solution unifies developers, operations, and security teams to safeguard the software supply chain in a holistic, hybrid, multi-cloud platform.

Ransomware is still on the rise and does not bypass DevOps ecosystems and SaaS services. Backup is the final line of defense against ransomware so it should be ransomware-proof itself. Watch the video and check on how to ensure the security and continuity of operations in your DevOps environments. Join the discussion of Mackenzie Jackson, Developer Security Advocate at GitGuardian, and Greg Bak, Product Development Manager at GitProtect to learn more about.

Watch this webinar to learn about the challenges in securely delegating access to your AWS resources. Specific topics covered include.

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

This User Office Hours session covers how to build a secure CI/CD Pipeline with GitHub Actions and Snyk. First, we'll build a demo application. Then, we'll walk through how to test for security issues using Snyk Open Source and Snyk Code. We'll then go on to deploy a container image. Missed the live stream? Feel free to ask questions in the comment section, and we'll do our very best to answer them.

Zero Trust, a phrase coined by Forrester in 2009, is not a commonly used cybersecurity strategy in Australia and the Asia-Pacific region. In the United States, large technology companies and the federal government have been eager to adopt Zero Trust. But in Australia and New Zealand, Zero Trust adoption has been prolonged. People were confused about what Zero Trust means.

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60 second charity challenge to share their take on the issue of victim-blaming for phishing attacks. The episode ends with a deep dive on cyber threats ahead of the U.S. midterm elections on Nov. 8.

Ransomware attacks are dramatically increasing in number and frequency year over year, with high-impact, headline-making incidents continuously growing in volume and scope. Ransomware gangs are also looking at their primary victim’s business partners to pressure them into paying a ransom to prevent data leakages or business disruptions caused by the attack.