| |
| 🔗 From the web |
| |
|
| |
| SCA vs SAST: what are they and which one is right for you? |
| |
| |
| The two commonly-used security tools and detailing how they can help secure your projects. |
|
| |
|
| |
|
| |
| Crucial Questions from CISOs and Security Teams ✅ |
| |
| |
| This post focuses on the questions from CISOs and security teams. This builds on many related topics covered in the two prior posts on crucial questions from CIOs/CTOs and Boards and executives. |
|
| |
|
| |
|
| |
| You can’t solve AI security problems with more AI |
| |
| |
Prompt injection attacks are where an AI language model backed system is subverted by a user injecting malicious input. The fundamental challenge is that large language models remain impenetrable black boxes.
One of the most common proposed solutions to prompt injection attacks is to apply more AI to the problem. This isn’t safe.
|
|
| |
|
| |
|
| |
| BitSight Analyzed Exposed SSO Credentials of Public Companies |
| |
| |
| BitSight research found that 25% of the S&P 500 and half of the top 20 most valuable public U.S companies have had at least one SSO credential for sale on the web. |
|
| |
|
| |
|
| |
| Lambda Networking |
| |
| |
| Considering when to apply or not apply VPC networking to a Lambda function and how to secure Lambda networking. |
|
| |
|
| |
|
| |
| How we Abused Repository Webhooks to Access Internal CI Systems at Scale ✅ |
| |
| |
As adoption of CI systems and processes becomes more prevalent, organizations opt for a CI/CD architecture which combines SaaS-based source control management systems with an internal, self-hosted CI solution. Many organizations using such architectures allow these CI systems to receive webhook events from the SaaS source control vendors, for the simple purpose of triggering pipeline jobs.
To allow the webhook requests to access the internally-hosted CI system, the SaaS-based SCM vendors provide IP ranges from which their webhooks requests arrive, so these ranges can be allowed in the organization’s firewall.
This blog post dives into the potential security pitfalls of this control, and explains why it provides organizations with a false sense of security. |
|
| |
|
| |
|
| |
| How to Scale Your Application Security |
| |
| |
| What do AppSec maturity levels look like? |
|
| |
|
| |
|
| |
| Using Software Bill of Materials to Secure the Software Supply Chain Continuously |
| |
| |
| A software bill of materials (SBOM) is similar in nature. Essentially is a machine-readable inventory of all software components and dependencies utilized in an application. Software is becoming increasingly complex and increasingly composed. Without an SBOM, organizations lack visibility into the license and security risks associated with the software they are building or consuming. |
|
| |
|
| |
|
| |
| (In)Secure by Design |
| |
| |
| Improve your organization's application security by applying secure design patterns, avoiding anti-patterns, and adding security architecture analysis. |
|
| |
|
| |
|
| |
| Security Think Tank: Creating a DevSecOps-friendly cyber strategy |
| |
| |
| When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire |
|
| |
|
| |
|
