DevSecOps

April 19, 2024

In Episode 57 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss IoT vulnerabilities for consumers ...

April 18, 2024

The runaway train of change continues at a relentless pace in the world of IT infrastructure. As computing drives from on-premises to the cloud out to the edge, the proliferation of devices shows no sign of letting up either ... What does this mean for DevOps? ...

April 12, 2024

In Episode 56 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss tax fraud and how to be aware of it ...

April 09, 2024

As companies grapple with the rapid integration of AI into web applications, questions of risk mitigation and security are top of mind. AI-infused coding and secure defaults offer the potential for improved security, but organizations are still challenged with practical steps beyond just writing intent into policies and procedures. Further, there are unique challenges with consumer-facing models not related to work, but something that must be managed as part of the growing attack surface ...

April 08, 2024

Using open source software has many benefits for organizations. It fosters transparency and innovation, provides flexibility and customization, cuts cost on development and enables collaboration among other developers. However, organizations could open themselves up to risks if the open source software isn't developed securely ...

April 05, 2024

In Episode 55 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest Linux SSH attacks and their impact on supply chain ...

April 04, 2024

Recently, platform engineering has become the next big thing, sparking interest in its focus on developing self-service internal developer platforms (IDPs) for streamlined software delivery and lifecycle management ... In platform engineering, the platform is supported by layered services or tools, created and maintained by a dedicated product team, designed to help the needs of software developers by essentially stitching together components to create a frictionless developer experience ...

April 01, 2024

Today, more than 98% of websites around the world use JavaScript as their go-to client-side coding language. But this use introduces challenges — today the average web page has more than 60 third-party scripts that are unmonitored and have uncontrolled access to forms and data anywhere on the page. Here are four examples of challenges businesses are facing as a result ...

March 29, 2024

In Episode 54 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss a recent phishing attack at EMA, and what organizations can do about phishing ...

March 28, 2024

Over 80% of survey respondents indicated that a critical security issue in deployed software impacted their DevOps delivery schedule in the last year, according to the Global State of DevSecOps 2023 report from Synopsys ...

March 27, 2024

Software developers are showing an unprecedented surge of interest in generative AI, with topic engagement in GPTs — a family of artificial intelligence models — increasing 3,600% year over year, according to O'Reilly's Technology Trends for 2024 report ...

March 26, 2024

Security is taking a toll on productivity, according to the Software Supply Chain State of the Union report from JFrog. 48% of survey respondents said it typically takes a week or longer to get approval to use a new package/library, extending time to market for new apps and software update ...

March 22, 2024

In Episode 53 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the updated PCI DSS standards ...

March 20, 2024

Role Based Access Control (RBAC) is a method for regulating access to computer or network resources based on the roles of individual users within an organization. In RBAC, access permissions are grouped by role name, and access to resources is restricted to users who have been authorized to assume the associated role ...

March 18, 2024

Nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities, representing a sharp uptick from the previous year, according to the Open Source Security and Risk Analysis (OSSRA) report from Synopsys ...

March 15, 2024

In Episode 52 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present Security 101 Basics: Microsegmentation ...

March 14, 2024

While security is a top priority for developers, they are facing an uphill battle when it comes to time spent chasing vulnerabilities, the available scanning tools and alignment with security teams, according to the Developer Survey Report from Qwiet AI ...

March 13, 2024

The number and severity of API attacks and vulnerabilities are increasing according to the API ThreatStats™ 2024 Report from Wallarm — there was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022 ...

March 08, 2024

In Episode 51 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss third party identity providers ...

March 07, 2024

Sometimes, the most effective method of protection is to put yourself in the attacker's shoes so you can stay one step ahead of their next move. The same is true for penetration testing — If you can't beat 'em, join 'em ...

March 06, 2024

DevOps acts as an enabler when taking an application modernization approach ... As businesses evolve, embracing DevOps principles will be the cornerstone of their successful application modernization journey. These will ensure their software remains robust, secure, and user-friendly in the face of technological advancements and market demands. This blog explores the role of DevOps in application modernization ...

March 05, 2024

Policy as code is being explored by the industry as an alternative or expansion upon the long-term standards of role-based access control and entitlements. With policy as code, policies can be managed and automated using code written in a high-level language. It is a programmatic method of uniformly defining and enforcing policies throughout cloud native applications and their infrastructure ...

March 01, 2024

In Episode 50 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss supply chain security concerns and revisit the latest CMMC guidance ...

February 23, 2024

In Episode 48 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the most recent data showing that ransomware attacks are decreasing, while other more focused attacks are increasing ...

February 20, 2024

In the fast-paced world of modern business, application development teams face an immense amount of pressure to code faster than ever before ... However, prioritizing rapid development frequently leads to the neglect of security measures, creating a trade-off that can have significant repercussions, overburdening AppSec teams towards the end of the software development lifecycle (SDLC) and almost guaranteeing software vulnerabilities and exploits ...
