Zeno

Check out our new collection of mugs! Warm your soul with a beautiful mug.

Sponsor FAUN and reach developers where they are, not where you want them to be.

Download our mediakit.

6 IaC security and compliance tools you may need to secure your cloud.

By @boldlink

Improve your organization's application security by applying secure design patterns, avoiding anti-patterns, and adding security architecture analysis.

The two commonly-used security tools and detailing how they can help secure your projects.

This post focuses on the questions from CISOs and security teams. This builds on many related topics covered in the two prior posts on crucial questions from CIOs/CTOs and Boards and executives.

Considering when to apply or not apply VPC networking to a Lambda function and how to secure Lambda networking.

What do AppSec maturity levels look like?

BitSight research found that 25% of the S&P 500 and half of the top 20 most valuable public U.S companies have had at least one SSO credential for sale on the web.

When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire

Prompt injection attacks are where an AI language model backed system is subverted by a user injecting malicious input. The fundamental challenge is that large language models remain impenetrable black boxes.

One of the most common proposed solutions to prompt injection attacks is to apply more AI to the problem. This isn’t safe.

As adoption of CI systems and processes becomes more prevalent, organizations opt for a CI/CD architecture which combines SaaS-based source control management systems with an internal, self-hosted CI solution. Many organizations using such architectures allow these CI systems to receive webhook events from the SaaS source control vendors, for the simple purpose of triggering pipeline jobs.

To allow the webhook requests to access the internally-hosted CI system, the SaaS-based SCM vendors provide IP ranges from which their webhooks requests arrive, so these ranges can be allowed in the organization’s firewall.

This blog post dives into the potential security pitfalls of this control, and explains why it provides organizations with a false sense of security.

A software bill of materials (SBOM) is similar in nature. Essentially is a machine-readable inventory of all software components and dependencies utilized in an application. Software is becoming increasingly complex and increasingly composed. Without an SBOM, organizations lack visibility into the license and security risks associated with the software they are building or consuming.

Ox Security lands $34M in seed funding to strengthen software supply chains. Ox promise is to automatically block risks introduced into the pipeline and ensure the integrity of each workload, all from a single location.

Cado Security announced the availability of its platform in the Microsoft Azure Marketplace, an online store providing applications, and services for use on Azure. Cado Security customers can now take advantage of the productive and trusted Azure cloud platform, with streamlined deployment and management.

Cloud migration yields security gains, even in the heavily regulated financial services and healthcare sectors, according to a new report commissioned by digital services provider Presidio.

Zero-trust security startup Illumio Inc. announced a new endpoint solution designed to prevent breaches from spreading to clouds and data centers from laptops.

With the latest addition of Difenda Microsoft Information Protection & Governance, Difenda now offers eight managed and professional security services on the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. 

Endpoint security firm SentinelOne announced a $100 million venture fund that the publicly-traded company will use to invest other security startups.

MS-SQL servers with weak protection are being targeted. An ongoing campaign is looking to distribute the FARGO ransomware to as many Microsoft SQL servers as possible, experts have found. 

- Stream is looking for a Remote DevOps Engineer (Visa sponsorship) .
- Code.org is looking for a Remote Software/Security Engineer .

🚀 Get featured in our weekly newsletters (95k subscribers) and Linkedin page (18k followers) by posting your job to JobsForDevOps.com

Web Application Security Scanner Framework

This tools for custom quality gate when scanning sast in sonarqube.