The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

Prisma Cloud

Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research. The payload tries to steal secrets or create a reverse shell, whether running in pipelines or production environments. Is the GITHUB_TOKEN as accessible as other secrets? We’ll soon find out.

Strengthening the Nessus Software Supply Chain with SLSA

Tenable

But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. The provenance contains the information needed to recreate the build if required, including the source repository tags that the build process uses.

Trending Sources

How to make your web application more secure by using Interactive Application Security Testing (IAST) – PART 3 of Application Security Testing series

Xebia

Introduction Welcome to part three of the blog series about Application Security Testing. In this blog we are going to learn about Interactive Application Security Testing (IAST). Client-side code is not scanned for vulnerabilities. We will look at their SCA solution in a later blog. It is time to get practical.

Authoring “Docker for Developers” for Packt Publishing

Modus Create

Chapter 14: Advanced Docker Security – Secrets, Secret Commands, Tagging, and Labels. Chapter 15: Scanning, Monitoring, and Using Third-Party Tools. In February of 2018, Modus published a blog post, also named “Docker for Developers.” Chapter 13: Docker Security Fundamentals and Best Practices.

Identifying Server Side Request Forgery: How Tenable.io Web Application Scanning Can Help

Tenable

Web Application Scanning can help. An SSRF can be used by an attacker to access internal services that may be sensitive or to retrieve resources such as configuration files containing credentials and other secrets. As an example, cloud services like AWS provide endpoints that return metadata containing some sensitive data and secrets.

Detect hardcoded secrets with GitGuardian

CircleCI

To keep things secure, we always need the same thing: a secret. What is a secret? Secrets are digital authentication credentials (API keys, certificates, and tokens) used in applications, services, or infrastructures. Watch the video: What is a secret? Why are secrets a problem in CI/CD environments?

Securing Golden Images at Build Using Prisma Cloud

Prisma Cloud

It’s a best practice to scan images during the build process. Shifting left and scanning for compliance issues and vulnerabilities in the image build process can help eliminate runtime issues when instances are instantiated. If the scan results don’t meet the predefined thresholds, the build fails and no image is created.