What is Dependency Confusion?
Dependency confusion occurs when a malicious package with the same name as a private package is published in a public repository, tricking systems into using the malicious version.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Out of This World Cybersecurity
From cybersecurity Executive Orders, to Emergency Directives, to establishing a presence on the moon, cybersecurity at NASA encompasses a wide variety of both Information and Operational Technology assets, some of which are literally out of this world. Attendees will gain insights into the challenges and best practices in securing critical assets in highly dynamic and complex environments.
Dev First Prevention Strategies Using the CI/CD
Watch this office hours where we cover best practices for introducing a blocking/prevention strategy using the CI/CD Integration. Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers.
The Shift to the Cloud and its Implications for Application Security
Everybody’s doing it: shifting applications to the cloud. More flexibility. More storage. More scalability. But how does this affect application security? What challenges does it present?
The State of Secrets Sprawl 2023
In 2022, we scanned a staggering 1.027 billion GitHub commits! How many secrets do you think we found? For the 3rd year in a row, I am excited to share with you the findings of The State of Secrets Sprawl! This report from my team at GitGuardian is the most extensive analysis of secrets exposed in GitHub and beyond!
GitGuardian incident auto severity scoring
Manual severity assignment requires a case-by-case examination of your open incidents and can be time-consuming for your teams. GitGuardian's severity scoring feature automates this approach, where and when applicable, to the incidents in your workspace so that you can save time on their triaging and prioritization. Automated severity scoring comes in handy after running a historical scan on your perimeter that surfaces hundreds or thousands of incidents. It can help you focus your remediation efforts on the most critical incidents first!
Schedule and Automate Postgres Backups on Kubernetes
Postgres, also known as PostgreSQL, is a powerful open-source relational database that has been around for over 30 years. It has a strong reputation for reliability, scalability, and performance, which is why it is used by a wide range of organizations, from small businesses to large enterprises, across various industries. Whether you need to store and retrieve large amounts of data, run complex queries, or support business-critical applications, Postgres can handle it all.
SQL Server hardening
To safeguard the SQL layer against common SQL-based attacks, including Denial of Service, Brute Force, and SQL injections, and to prevent privilege escalations, hardening the SQL server is of utmost importance. Achieving compliance and satisfying auditors also necessitates SQL hardening. By implementing SQL hardening measures at both the application and operating system levels, the organization can significantly reduce its attack surface and eliminate critical vulnerabilities.
Going Beyond Network Perimeter Security by Adopting Device Trust
It’s a familiar nightmare you’ve heard of and might even face as a developer or security engineer: alerts firing in all directions warning that your company’s VPN and firewall — that supposedly “safe” defensive perimeter around your infrastructure — has been breached. And the scariest part is that you find out after the fact — after access credentials and customer assets have been stolen.
Overview of Teleport 12: Device Trust and Desktop Access
Join us as we showcase the latest features of Teleport, the first identity-native infrastructure access platform for engineers and machines. Teleport delivers phishing-proof zero trust for every engineer and service connected to your global infrastructure by replacing insecure secrets with true identity.