Mobile security has become more important than ever, especially as many employers adopt Bring Your Own Device for remote and in-house employees. What is TLS certificate pinning? Find out all about it and how to implement TLS pinning on Android and iOS apps and prevent man-in-the-middle (MiTM) attacks on mobile apps.
In this talk held at International PHP Conference in June 2019, Chris Holland takes an in-depth look at effective methods for identifying & avoiding the most common and devastating security pitfalls in web applications.
Security is no joke, especially as more and more companies are moving to cloud-based container setups. The stakes are high, and the price of a security breach can be catastrophic. CEO of NeuVector Fei Huang shares his thoughts about why DevSecOps matters and how to shift left and right to ensure security is considered all through the lifecycle, not just at deployment.
It is critical for organizations to develop a comprehensive application security strategy that includes the security of applications currently under development and legacy applications. Tim Buntel explains how.
When it comes to API security, even companies with world-class security teams like Facebook and Google are getting caught off guard. In this article, Bernard Harguindeguy offers 12 must-have best practices for protecting API infrastructure from hacking and abuses.
The agile development of software offers numerous advantages for developers and development teams. On the other hand, Agile also poses new security challenges. Christian Schneider shows in his session from DevOpsCon 2018 which security sins should not be committed in agile projects.
In this article, Ralf Huuck goes over his predictions for how the field of data security will shake out in the new year. What’s in store for 2019? Hopefully, more standardization within the field and less data breaches overall.
Time to put languages to the test. Which programming languages are the most secure and which have dents in their armor? A report from WhiteSource examined security vulnerabilities in some of the most popular programming languages and looked at the trends of high security vulnerabilities over the years.
According to Gartner, by 2022 API abuse will be the most frequented attack vector on the enterprises. In this tutorial, Dmitry Sotnikov shows how you can use your API contract file to locate and remediate some of the common API vulnerabilities.
Were you affected by the runC container breakout? Make sure your containers are all patched up and running safely and securely. When it comes to using containers, ensuring security should be everyone’s number one priority. What makes container vulnerabilities so dangerous?
Why do gaps keep appearing year after year? While the reason behind this is rather simple, the solution isn’t. In this article, Dr. Ratinder Paul Singh Ahuja makes an assessment of the security breaches and discusses what security will need in the future in order to deal with an ever-evolving infrastructure.
Despite the high quality of supportive tools in the field of security testing, this is still unknown territory for many development projects and therefore still has some unused potential. Christian Schneider’s session at DevOpsCon 2017 offers a well-rounded overview of the open-source tools used by security professionals and penetration testers in their daily work on the detection of security vulnerabilities.
Data Theorem recently launched two new API security products: API Discover, which helps enterprises combat what has been known as Shadow APIs, rogue APIs developers publish without proper enterprise security vetting that go undetected by today’s legacy security tools and API Inspect solution, which provides a continuous and automated security verification service to ensure the real-world operations of APIs always match their intended specs. We talked to Doug Dooley, Data Theorem COO about all this and more.
Earlier this month, we reviewed the research of Vladimír Smitka on open .git folders in websites globally. The results of his research were remarkable – 390,000 web pages were found with open .git directory! So we invited Vladimir for a talk on his research, GDPR implications and his views on open source vulnerabilities.
