CodeSecDays 2024: A Deep Dive in Software Supply Chain Security
GitGuardian Blog
by Thomas Segura
3d ago
After bringing together the French security community at an in-person event, GitGuardian hosted CodeSecDays, its annual worldwide gathering for the software security community. This global event brought together leading experts from Snyk, Docker, CyberArk, Chainguard, and CircleCI, for a full-day immersion in software supply chain security. It featured informative presentations and discussions on cybersecurity challenges and best practices in the industry. If you couldn't attend, here are some highlights from the conversations and roundtables! Roundtable 1: How to augment DevSecOps with AI? C…
Safeguarding Your Collaboration Tools: Tackling the New Favorite Targets of Attackers
GitGuardian Blog
by Ferdinand Boas
1w ago
Recent studies have shown that half of the security breaches involve secrets, either to gain initial access or move laterally from one system to another. Attackers are looking for this valuable information to reach their objectives. This has led attackers to expand the scope of their targets, as they're no longer only looking for vulnerabilities in systems and software architectures but everywhere they might appear. While working on projects, developers collaborate through various mediums, such as project management platforms, messaging tools, ticketing systems, and documentation. However, wh…
Fix Your Code, Track the Remediation
GitGuardian Blog
by Soujanya Ain
1w ago
Have you ever felt that fixing security vulnerabilities in your code is like finding a needle in a haystack? Well, you're not alone. In the world of software development, detecting secrets is just the beginning. The influx of alerts in their dashboard from various tools can be overwhelming for security teams. On average, companies with around 400 developers encounter about 1,500 secret incidents. The real challenge is narrowing these down and addressing them efficiently, a task many teams struggle with. What if there was a way to make this process simpler and more effective? GitGuardian's l…
Year in Review: GitGuardian's Own Security Team
GitGuardian Blog
by Guardians
1w ago
Kayssar Daher, Lead Security Engineer at GitGuardian. I'm a systems security & data privacy enthusiast specialising in securing SaaS platforms. In the past few years, I've worked for scale-ups in the fields of HRTech, FinTech & Cybersecurity. Throughout my career, I've focused on building systems & workflows that support security by default, and that make it easy for my coworkers to do their jobs securely. In July 2023, we published the first edition of GitGuardian's Security team year in review: Year in Review: GitGuardian's Own Security Team. Join security engineer Kayssa…
The Runtime Secrets' Security Gap
GitGuardian Blog
by Guest Expert
2w ago
Claude Robitaille, CEO and Founder of NearEDGE. Secrets management remains one of the hardest problems in application security. With over 12.8 million secrets detected in GitHub public repos in 2023, it's even fair to say hard-coded plaintext credentials are a serious problem! In this blog post, I'm going to introduce a new way to deliver encrypted secrets anywhere in your infrastructure without having to worry about managing the decryption key, which has been a headache for many sysadmins for too long. The Challenge of Secure Secret Delivery: Different secret management architectures ex…
Managing AWS IAM with Terraform
GitGuardian Blog
by Guest Expert
2w ago
Tiexin Guo, OS Developer @Ubuntu, CNCF ambassador | LinkedIn. In my previous article on AWS IAM Security Best Practices, we covered a bunch of theoretical best practices on AWS IAM. In this tutorial, we will cover the basics of managing AWS IAM using Terraform. Side note: this blog post assumes that you already understand what Terraform is and know the basics of it. If not, start with a Terraform official tutorial. We'll see: why and how to delete the Root user access key; how to create an Admin Group/User; how to enforce MFA with a Customer-Managed Policy & Policy Condition; how to custom…
CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368
GitGuardian Blog
by Mackenzie Jackson
3w ago
We have a big one this month and it's brand new. CVE-2024-38368 is a vulnerability that affects the open-source supply chain of iOS and macOS applications. This one comes from the amazing research team over at EvaSec who discovered three significant vulnerabilities within the CocoaPods ecosystem: unauthorized account ownership (CVE-2024-38368), remote code execution (CVE-2024-38366) and account takeover (CVE-2024-38367). Honestly, I could write an entire article about each of these as they are significant. But the one I chose was the unauthorized account ownership because of the massive implic…
Balancing AI Performance and Safety: Lessons from PyData Berlin
GitGuardian Blog
by Thomas Segura
3w ago
Hi Nicolas! How was PyData in Berlin? Have you ever participated in a conference like this before? This was my first PyData event and it was a very positive experience! It was different from my previous academic conferences where I presented research papers at Amazon Alexa AI. PyData attracts more practitioners and companies doing data science and ML, focusing on engineering, development practices, and tooling. It's a diverse mix of attendees from different organizations and open-source contributors. I gave a 30-minute talk after submitting a CFP with our ML team. Nicolas' talk at PyData Berl…
Elevating Cloud Security: Highlights from CloudNativeSecurityCon 2024
GitGuardian Blog
by Dwayne McDaniel
3w ago
When you think of Seattle, you might immediately think of Starbucks, the Space Needle, or maybe even Frasier. You might not think about hills. The Emerald City is built on seven hills, though 'hill' is an understatement. This elevation helped early settlers stay dry and safe from the waves of Puget Sound while giving them a firm foundation for their houses. Like our brave ancestors, hundreds of security professionals gathered in Seattle to build a firm foundation and elevate their knowledge around securing applications at CloudNativeSecurityCon 2024! This was the second-ever CloudNativeSecuri…
Container Security Scanning: Vulnerabilities, Risks and Tooling
GitGuardian Blog
by Guest Expert
3w ago
Tiexin Guo, Senior DevOps Consultant, Amazon Web Services; Author | 4th Coffee. Over the past decade, the rise of microservice architectures, the DevOps culture, and popular tools like Docker and Kubernetes have made deploying applications as containers standard practice in the industry, making container security a top priority. In this article, we will take a deep look at container security: what are the common container vulnerabilities, how to mitigate risks by container security scanning, and what popular container security tools and solutions are available to integrate into the SDLC…