Case Study: How Lightspeed ensures full security compliance with Escape

Discover how Lightspeed, the unified point of sale and payments platform, maintains security compliance, and explore its API security challenges ...

The Secure Java Developer’s Toolkit

Java remains one of the most popular and widely-used programming languages. It’s not just about writing and running Java programs, though. A typical Java developer working in Linux has an entire ecosystem ...
Case Study: How Escape enhanced Shine's application security

Discover how Shine, an online banking service for professionals, enhanced API security. Explore their challenges and the transformative impact of Escape ...
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More

Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how ...
Announcing Gato Version 1.5!

On January 21, 2023, at ShmooCon 2023, Praetorian open-sourced Gato (GitHub Attack Toolkit), a first-of-its-kind tool that focuses on abusing offensive TTPs targeting self-hosted GitHub Actions Runners. Since then, ...

Phantom of the Pipeline: Abusing Self-Hosted CI/CD Runners

Throughout numerous Red Teams in 2022, a common theme of Source Control Supply Chain attacks in GitHub repositories has emerged. After many hours manually hunting for and exploiting these attack paths, ...

Debunking 5 Myths About Detection-as-Code

Would you let misconceptions keep you from adopting a tool that can help your security team do its best work? In my ten years of building security monitoring solutions, I learned that ...
Security Boulevard

8 CI/CD Metrics You Should Monitor

In a modern software development process, several steps are typically carried out to create a software system. These steps often build on each other, with each step providing the foundation for the ...

Introduction to Continuous Integration Observability

Continuous integration (CI) is a DevOps practice whereby code contributed by engineers is integrated into a project frequently and automatically. CI involves the use of a shared version control system (VCS), which ...

Why Microsegmentation is Critical for Securing CI/CD

Modern development environments are characterized by cloud-native technology, microservices architectures and DevOps or DevSecOps teams working in close coordination throughout the development life cycle. The continuous integration/continuous delivery (CI/CD) pipeline is the ...