To create a security mindset within the engineering organization, security teams must enable engineering teams with the tools that suit their workflow. This article will explore how to bake security into the agile and DevOps way of working and what steps and practices to consider.
Phishing emails carrying sophisticated malware undetectable by standard antiviruses more and more often serve as the main infection vector for data breaches and various cyber-scams. Protection against such threats requires a more advanced solution — a system for detecting attacks on endpoints, aka EDR (Endpoint Detection & Response). This article reveals how EDR identifies sophisticated attacks and whether it is worth installing it yourself or choosing EDR-as-a-service.
Internet Explorer (IE) will be officially retired on June 15, 2022. Microsoft will altogether stop supporting and updating the pioneering web browser. As IE winds down, the question becomes, how does this affect businesses and existing software, and what will its full impact be?
One of the most common cases for cloud implementation is IT infrastructure modernization to increase its flexibility, security, and cost-effectiveness. Progress has its price — without proper management, utilizing a nontraditional, cloud-based infrastructure may cause risks.
What is Sonatype Lift and how can it help enhance security? We had a chat with Stephen Magill about how Sonatype Lift can help bring security beyond silos. Stephen also shares some security tips, how false positives affect cybersecurity, and where the biggest security threats lie in organizations.
Are we sitting on major security vulnerabilities right now? How has security changed in the past 20 years? We interviewed Ilkka Turunen, Sonatype Field CTO and Muzaffer Pasha, Security Evangelist at Traceable about how to achieve better security in open source and in your organization.
Gartner has predicted more than 75 percent of global organizations will be running containerised applications in production by 2022. With so many more moving parts to look at, developers have to automate how they gather data on their infrastructure components, while security teams have to understand the new models for applications too.
Data privacy regulations are relatively new and not well understood within an organization. With that context, the way organizations should approach data privacy isn’t only about compliance with regulations; it’s also the right thing to do to build trust with their customers. How do you introduce privacy and trust as part of your culture?
While financial services organisations have historically been strong when it comes to employing application security testing tools, more can be done to accelerate efforts and make these continuous. So what specific steps can be taken by companies in this space to address security in the software they create for the remainder of 2021, and how will this benefit them long term?
Jeff Williams, CTO and Co-founder at Contrast Security, spoke to us about the newest State of Application Security in Financial Services Report. Read his insights on the importance of observability, how false positives affect security, and the best practices we should all take.
We spoke with Brendan O’Leary Sr. Developer Evangelist at GitLab about remote working, the rise in security confidence, testing best practices, Kubernetes implementation, and more. Read on to learn more about what open source tools Brendan O’Leary suggests.
As software has become the backbone of modern business, cyberattacks have become an ever-present threat, making application security a critical necessity to ensure business continuity. This article examines four commonly found software security development issues and how to address them.
For DevOps professionals, the security of applications and application programming interfaces (APIs) is an increasing threat to their organizations. Jeff Williams discusses how many common security issues in your software stack can be addressed with the use of instrumentation.
Kevin Bocek discussed security with us, including the impact of a successful software supply chain attack, what security best practices we should all follow, and the difference between human and machine identity. Kevin shares his knowledge from over 16 years of experience in IT security.
