Key learnings from the State of DevSecOps study
Security Senses » Application Security
by opsdemon
2d ago
Wed, 29/05/2024 - 09:00. We recently released the State of DevSecOps study, in which we analyzed tens of thousands of applications and cloud environments to assess adoption of best practices that are at the core of DevSecOps today. In particular, we found that: In this post, we provide key recommendations based on these findings, and we explain how you can leverage Datadog Application Security Management (ASM) and Cloud Security Management (CSM) to improve your security posture. https://www.datadoghq.com/blog/devsecops-2024-study-learnin ...
Older, Larger, Riskier: The Correlation Between Application Age and Security Debt in the Public Sector
Security Senses » Application Security
by opsdemon
2d ago
Tue, 28/05/2024 - 09:00. Years of accumulated security debt due to unaddressed software vulnerabilities and inadequate security configurations plague the applications that support our government functions. The age and size of applications play a significant role in the accumulation of security debt. The State of Software Security 2024 report provides a detailed analysis of how these factors correlate with security vulnerabilities, particularly in older and larger applications. Here a ...
Top 10 app security problems and how to protect yourself
Security Senses » Application Security
by opsdemon
2d ago
Tue, 28/05/2024 - 09:00. You know your latest web application is inherently vulnerable to all kinds of attacks. You also know app security can never be perfect, but you can make it better tomorrow than it was yesterday. The problem is that whether you’re using enterprise-grade (aka, expensive and complex) security tools, or have cobbled together a handful of open-source projects into a CI/CD pipeline or Git commit hooks and are hoping for the best, your toolkit can’t help you see. https://www.aikido.dev/blog/app-security-problem ...
Network Security and Application Security: The Power Duo of Cybersecurity
Security Senses » Application Security
by opsdemon
1w ago
Tue, 21/05/2024 - 09:00. In a world with frequent technological changes, maintaining the trustworthiness and protection of your data and systems should be of paramount importance. With technology constantly evolving for the better, dangers and susceptibility could also make your online security more extraordinary. This is where the issues of network security and application security appear, which may be referred to as two complementary subtopics. Realizing the difference between these two domains is necessary to ...
How to Protect Your Cloud Assets from Being Cryptojacked
Security Senses » Application Security
by opsdemon
2w ago
Fri, 17/05/2024 - 09:00. Cryptojacking attacks have become the most prevalent type of attack on cloud native infrastructures. For example, in 2022, there were 139M cryptojacking attacks, but the following year there were over 1 billion! That translates to nearly 3M cryptojacking attacks every day, on average in 2023. The reason these have become popular is that attackers begin to monetize immediately as their scripts are launched; they do not have to negotiate with companies over data ransom or other demands. In this video, we f ...
How to Protect Your Business From API Data Leaks
Security Senses » Application Security
by opsdemon
2w ago
Thu, 16/05/2024 - 09:00. Application Programming Interfaces (APIs) are rapidly becoming the primary attack vector for cloud native applications. In fact, according to one study, 92% of organizations have already experienced a security incident resulting from insecure APIs. This is because loosely coupled microservices predominantly intercommunicate via APIs. In this video, we will analyze a ‘ripped from the headlines’ case-study example of data leakage via insecure APIs. Then we will examine various API vulnerabilities that can be explo ...
Scaling DevSecOps with Dynamic Application Security Testing (DAST)
Security Senses » Application Security
by opsdemon
2w ago
Tue, 14/05/2024 - 09:00. In the swiftly evolving landscape of AI-driven software development, DevSecOps helps strengthen application security and quality. Dynamic Application Security Testing (DAST) is a key tool that helps scale your DevSecOps program by facilitating continuous and accurate security tests on running applications. DAST simulates real-world attacks, enabling you to identify security weaknesses and evaluate your application's defenses in response to actual attacks. Let's explore some actionable best prac ...
Cloud Unfiltered with Sathish Balakrishnan - Exploring the Future of AI and Automation - Episode 12
Security Senses » Application Security
by opsdemon
2w ago
Tue, 14/05/2024 - 09:00. Join host Michael Chenetz on this enlightening episode of Cloud Unfiltered as we dive deep into the realms of AI and automation with special guest Sathish Balakrishnan from Red Hat. Sathish, who leads the Ansible Automation Platform business, shares his valuable insights on how AI is enhancing automation technologies and the critical role of automation in leveraging AI effectively across industries. Panoptica Application Security Cloud Security Webin ...
Google Cloud affected by CVE-2021-30476
Security Senses » Application Security
by opsdemon
2w ago
Mon, 13/05/2024 - 09:00. CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control. https://kondukto.io/blog/google-cloud-affected-by-cve-2021-30476 Kondukto Application Security Blo ...
AppSec spring cleaning checklist
Security Senses » Application Security
by opsdemon
2w ago
Mon, 13/05/2024 - 09:00. Something about the springtime sunshine and blooming flowers inspires many of us to start cleaning. For some, it might be tackling the backyard shed that accumulated cobwebs over the winter or that overflowing junk drawer in the corner of the kitchen. As you survey your home and yard and decide where to start cleaning, it’s also a great time to look at your application security program and see if any of your existing processes need some tidying up. Here are a few great places to start. https://snyk.io/blog/appsec-spring-cleanin ...
