The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.


Is IT security under attack?

From credential theft to network vulnerability exploitation and ransomware incidents at highly secure organizations, the year 2020 has been surprisingly rough on IT security. In the wake of the COVID-19 pandemic, companies around the world are reporting more cyberattacks than ever before, and although the techniques used or the method of attack may be new, the vectors of attack over the years remain unchanged.


Vulnerability scanning vs. Penetration testing: comparing the two security offerings

It’s no secret: the number of security vulnerabilities organizations must contend with is overwhelming. According to a 2019 Risk Based Security report, there were 22,316 newly-discovered vulnerabilities last year. One Patch Tuesday disclosed a record number of 327 vulnerabilities in a single day. Just keeping up is becoming a monumental task. But knowing where and how your organization may be vulnerable is critical to maintaining a healthy security posture.


Top Tips for Getting Started With a Software Composition Analysis Solution

You’ve purchased a software composition analysis solution, and you’re excited to start scanning. Before you do, read our top tips for getting started with WhiteSource. Following some basic guidelines ensures your implementation gets off on the right foot.


Kubernetes Threat Vectors: Part 2 - Execution

Welcome to the second blog post in our Kubernetes threat vectors series. We are covering different tactics on the Kubernetes attack matrix, published by Microsoft and originally based on the MITRE ATT&CK framework. In the first blog post we reviewed the Initial Access tactic and its techniques, and today we are moving on to Execution. Let’s get started. What is Execution?


3 Ways Automation Can Reduce SOC Analyst Burnout

The 2020 Devo SOC Performance Report™ presents security professionals’ responses to a variety of survey questions related to people, processes, and technologies within their security operations center (SOC). One of the more interesting topics in the report is the role security automation technologies can play in improving SOC performance and alleviating analyst stress caused by overwork and performing repetitive, mind-numbing tasks, which can lead to analyst burnout.


What Are the Pros and Cons of File Sharing?

File sharing is a method used by some organizations where multiple employees have access to the same files. How the files are accessed does vary depending on the user environment. The files could be shared between two computers, where the files are stored on one computer and another user accesses them from their workstation. The files might be stored on a network file server instead of on a local workstation.


How to make the future IoT more secure

IoT security begins with building secure software. Learn how to embed security into your SDLC to avoid becoming an easy target for hackers. In this, the final week of 2020’s National Cybersecurity Awareness Month, the focus is the future of connected devices. And some things about that future are pretty easy to predict. There will be more devices—billions more.


A Software Security Checklist Based on the Most Effective AppSec Programs

Veracode’s Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security.

Veracode State of Software Security Vol. 11

Veracode, the largest global provider of application security testing (AST) solutions, announced the State of Software Security (SOSS) Volume 11 revealing 76% of applications contain at least one security flaw and fixing those flaws typically takes months. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find. Watch as Veracode's Chris Eng and Tim Jarrett break down the key findings from SOSS 11, with specifics on what's within developers' control as they seek to improve the security of their applications.