The Facts About Continuous Penetration Testing and Why It’s Important

August 22, 2024 at 06:42AM Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice involving ongoing, automated penetration testing to identify and mitigate vulnerabilities in an organization’s digital assets. It integrates with the software development lifecycle (SDLC) to ensure real-time vulnerability discovery and validation of security controls. CASPT is proactive, not limited to …

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team

August 20, 2024 at 07:18AM CISOs are facing challenges in justifying cybersecurity ROI, influencing a security-first mindset, and addressing a complex threat landscape. The need for a new approach is evident to uplift security culture and bridge the gap between security and development teams. DevSecOps and continuous skills development are necessary to achieve next-level secure development and effective security programs. …

Cloud Security Alliance Introduces Certificate of Cloud Security Knowledge

July 22, 2024 at 04:37PM The Cloud Security Alliance (CSA) has released the Certificate of Cloud Security Knowledge (CCSK) v5 and the Security Guidance for Critical Areas of Focus in Cloud Computing v5. This updated program covers modern cloud components, state-of-the-art security best practices, and emerging technologies like GenAI safety and a Zero Trust approach to …

CSA Updates Cloud Security Certificate, Training

July 19, 2024 at 08:28AM The Cloud Security Alliance released CCSK v5, a comprehensive cloud security training and certificate for security professionals. It covers topics like incident response, data encryption, and application security. The program complements other education and provides in-depth information on cloud architecture, workloads, AI, and more. The exam is 120 minutes long …

GitLab: Critical bug lets attackers run pipelines as other users

July 10, 2024 at 04:08PM GitLab addressed a critical vulnerability that allowed attackers to run pipeline jobs as other users in its Community and Enterprise editions. This flaw (CVE-2024-6385) had a severity rating of 9.6/10 and affected versions 15.8 to 17.1.2, impacting over 30 million users, including Fortune 100 companies. GitLab released updates and urged …

Practical Guidance For Securing Your Software Supply Chain

June 26, 2024 at 06:57AM Software-producing organizations are facing increasing regulatory and legal pressure to secure their supply chains and protect their software integrity. The software supply chain has become a prime target for attackers, as seen in the Log4j breach. To address these security challenges, organizations should consider various measures, including governing the software …

What is DevSecOps and Why is it Essential for Secure Software Delivery?

June 17, 2024 at 07:39AM Traditional application security practices are inadequate for modern DevOps, leading to costly vulnerabilities and compliance risks. DevSecOps integrates security into the entire software lifecycle, aiming to “shift security left” to catch vulnerabilities early. Successful implementation requires a culture of shared responsibility, collaboration, and early integration of security practices. For more, …

Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform

June 11, 2024 at 05:24PM Backslash Security unveils new platform capabilities, including on-premises integrations, CI/CD integrations, and enhanced language support. These enhancements enable the platform to serve the entire software development lifecycle and the application security needs of large enterprises. Backslash’s reachability analysis aids in prioritizing and fixing reachable vulnerabilities, and the platform now offers …

VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem

May 29, 2024 at 05:18PM VicOne and 42Crunch have teamed up to enhance API security for software-defined vehicles and the broader connected-vehicle ecosystem. The partnership aims to accelerate identification of threats at application runtime, improve dynamic risk assessment, and eliminate security blind spots. This collaboration brings together expertise in API security and automotive cybersecurity to …

Five Core Tenets Of Highly Effective DevSecOps Practices

May 21, 2024 at 08:06AM The text discusses the challenge of making modern applications more secure without disrupting the high-velocity DevOps processes. It emphasizes the critical importance of building and running a DevSecOps practice, highlighting five guiding principles: establishing a security-minded culture, shifting security left, maintaining governance and guardrails, securing the software supply chain, and …