The field of cloud native development is rapidly evolving, but during this shift to modern environments such as Kubernetes, many DevOps teams are putting security on the back burner in a rush to move to cloud native environments. This is opening the door to a wide array of new security risks and numerous opportunities for unscrupulous cybercriminals — and machine identities are a prime example of this ...
In Episode 46 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the media hype surrounding the "Mother of All Breaches" ...
The acceleration of digital transformation and subsequent rise in API, containerization, and multi-cloud deployments are creating a dynamic attack surface that's growing increasingly complex. Maintaining visibility to keep track of new, changed, unmanaged, or insecure APIs grows increasingly difficult ...
In Episode 45 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest changes regarding Cybersecurity Maturity Model Certification (CMMC) assessments ...
For years, mainframe systems have served as the bedrock of enterprise networks, standing unmatched in terms of reliability, scalability, and data protection. But with emerging practices like DevOps, the rise of open-source, and the move to hybrid cloud models, security risks have become a pressing concern. With constantly changing rules and shifts in how software is developed and used, it's more important than ever to focus on mainframe security ...
DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024: In 2024, as Large Language Models (LLMs) become increasingly ubiquitous, we can anticipate a growing concern in the realm of developer security. There are two key aspects that warrant attention ...
DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024: AI will play a significant role in generating code, allowing for faster development with fewer human resources. But as code inevitably becomes more like open-source software, AI-generated vulnerabilities will become a bigger concern ...
DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024: Taking a step back from Shift Left Awakening: We will see a reversal in the "Shift Left" model, emphasizing the importance of strong security teams creating policies. Integration into CI (DevOps) pipelines will be streamlined, striking a balance between efficiency and security ...
In Episode 44 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present Security 101 Basics: how to get started on a cybersecurity career ...
Dark patterns, also known as deceptive design patterns, are user interfaces crafted to trick users into doing something they don't intend to, usually at their expense ... Surely this behavior is illegal? Well, sort of ...
If the use of AI is consigned to code generation, organizations may miss some of the most transformative opportunities for AI in software development. Let's walk through three ways to use AI in your DevSecOps workflows for faster cycle times and accelerated value stream delivery: predictive analytics, code testing and review, and security vulnerability detection ...
In Episode 43 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the social media hack of the SEC Twitter account ...
While developers are facing internal pressure to build next-generation applications at astronomical speed, security teams are wrangling with an increasingly volatile cyber threat landscape, growing consumer concerns for applications built to secure their data, and the broad surface of threats they have to cover along with API security ... In most instances, the roadblocks faced by both teams comes down to a lack of clear communication and the absence of workflow policies and procedures, which often prove detrimental.So how can organizations start to bridge this gap and enable these teams to perform together at the highest level? ...
In Episode 42 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss public infrastructure security ...
Lines of code bridge the gap between digital worlds, enabling seamless data sharing and functionality between different software systems. With this heightened interconnectivity, API security becomes paramount to protect sensitive data and ensure the integrity of digital services. While OAuth has been a widely adopted protocol for API security, it's essential to recognize that it alone may not suffice to address all security challenges. In fact, there are many limitations of OAuth and other advanced security measures to bolster API security ...
In 2024, we will continue to see globally significant advancements in information security and regulatory compliance spending for organizations of all sizes. From zero trust architecture to the integration of AI-driven solutions and the growing emphasis on regulatory alignment, 2024 will redefine how organizations safeguard sensitive information, navigate compliance complexities, and fortify their API ecosystems. Understanding and adapting to these transformative trends will be pivotal for businesses aiming to stay resilient, secure, and compliant in a time noted for rapid technological advancements and stringent regulatory landscapes. Here are our predictions for information security in 2024 ...
In Episode 40 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest court ruling about the Apple and Google App Stores ...
In Episode 39 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the AI Alliance ..
In Episode 38 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the security implications of the latest Apple iOS NameDrop feature ..
The OWASP Foundation updated the API Security Top 10 list for 2023, outlining the most critical security risks for APIs in production. The updated guidance highlights just how much the API security landscape has changed since the original list was published in 2019 — including the rapid rise of business logic attacks (BLAs). Three of the top five categories on the Top 10 list are now related to business logic abuse, compared to just two in 2019. The updated list underscores the fact that if organizations want to bolster their API security, implementing safeguards capable of detecting and remediating abuse of business logic needs to be a priority ...
Recent research conducted by ESG and sponsored by Mend.io found just 52% of companies can effectively remediate a critical vulnerability — and even fewer (42%) are confident in their ability to manage the security and compliance risks associated with open-source software ...
Cyberattacks are publicized much more frequently than the hard work security teams put in to stop them. 2017's WannaCry and 2022's Log4Shell were amplified by companies' failures to install readily available patches, causing highly destructive, expensive, and embarrassing consequences for victim organizations ...
In Episode 36 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss cloud security ...
In Episode 35 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss cybersecurity freemium solutions ...
The marriage between AI and API security seems like an odd pairing at first. Dubbed a threat to API security, generative AI applications can be easily customized to create and run multiple scenarios to expose weaknesses in APIs. Moreover, given the right datasets, hackers can train AI to plan and execute attacks that evade traditional API security solutions. However, those qualities make artificial intelligence and machine learning the technology that may be missing in your API security stack ...
