Security Code Review of a Banking Trojan — Cerberus

Over a year ago, I started hearing about this new Banking Trojan called Cerberus. The author of this malware reportedly used to ridicule security researchers on social media, as per a thehackernews.com article. The malware was sold as a complete package: MySQL seed data with payloads and ...
ShiftLeft NG SAST integration with Bitbucket Code insights

DevSecOps with Atlassian Bitbucket

This article was originally published at ShiftLeft Blog. In my inaugural post on DevSecOps with GitHub, I made an assertion that achieving good productivity is a continuous journey and a shared responsibility. While technology and security vendors offer good secure defaults out of the box, an effective understanding of product capabilities along ...
DevOps productivity series — GitHub for DevSecOps

GitHub & DevSecOps Productivity Tips

This article was originally published at ShiftLeft Blog. My colleague Andrew Fife wrote about our passion for focusing on developer experience and productivity with our NextGen Static Analysis platform. Productivity, just like security, is not a one-time activity but a continuous journey that requires frequent optimization ...
Thoughts on the state of enterprise open source

“Open source is bad since it’s full of security vulnerabilities, unmaintained dependencies and poor documentation,” said this security vendor as they began their opening speech before delving into their product that offered open source dependency management and risk audits. As they started their demonstration, I could instantly acknowledge the irony ...
(Re)Introduce application security to your team

This blog was originally published at blog.shiftleft.io. Imagine you are a Development Manager or a DevSecOps leader in your organization thinking about AppSec. Having an open conversation about application security with your team is like having those difficult conversations with your teenagers. You know you’re trying to do the RIGHT thing, but ...
Security Compliance Reports with Scan

Security Compliance Reports with ShiftLeft Scan

This blog was originally published at https://blog.shiftleft.io. 9:00 am — Start of your day. Picture this scenario. You are a Lead DevOps at your company with programming skills. Your new Head of Information Security just walked in and wants a quick catch-up with your team. Before everyone ...
Findings from the 2020 Verizon Data Breach Investigations Report

The 2020 edition of the Verizon Data Breach Investigations Report (DBIR) is out now. This edition is based on 32,000 incidents and 4,000 data breaches across sixteen industries. For the first time, the DBIR uses the standard controls from the CIS and MITRE ATT&CK frameworks, making this report quite special for InfoSec professionals ...
Are we ready for Cloud Workspaces?

TL;DR - Yes, we are getting there, and we ❤️ them already! Web-based IDEs such as GitHub & Visual Studio Codespaces (originally Visual Studio Online) and Gitpod (based on Eclipse Theia) now offer a desktop-quality development environment entirely in a web browser. Developers and security analysts can now work with different ...
ShiftLeft Scan integrates with GitHub Code Scanning

ShiftLeft Scan ❤️ GitHub

It gives us great pleasure to announce that ShiftLeft Scan is now natively integrated with GitHub Code Scanning to help developers and teams keep their applications secure without slowing down their productivity. Scan can be effortlessly added to a GitHub Actions workflow and configured as per the ...
DevSecOps formula

Dev + Sec + Ops != DevSecOps

Historically, security vendors and code scientists around the world have been looking for a single universal formula to represent the notion of DevSecOps. In my previous posts, I introduced ShiftLeft Scan and wrote about the cultural and process changes involved in transitioning ...