secure by design

Central Publisher Portal now validates Sigstore signatures
As part of our ongoing efforts to enhance security and trust in the Central repository ecosystem, we are introducing Sigstore signature validation in the Central Publisher Portal. Sigstore is a project that ...

CISA Director Easterly to Leave When Trump Assumes Presidency
Jen Easterly, who took over as CISA director in 2021, will step down in January when Donald Trump takes over as president, creating an uncertain future for the critical cybersecurity agency and ...

Smarter AppSec: How ADR, Secure by Design and ‘Shift Smart’ are Redefining Cybersecurity | Application Security Podcast Takeaways | Contrast Security
If there’s one thing Jeff Williams learned from years and years of doing pen testing and threat modeling, it’s this: They're highly time-pressured ...

World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security
The World Economic Forum is advocating a shift in security thinking from secure by design to resilience by design in the face of the rapid development and expanding connectivity of emerging technologies ...
CISA and FBI Issue Alert on XSS Vulnerabilities
Cross-site scripting (XSS) vulnerabilities continue to be a major concern in today’s software landscape, despite being preventable. CISA and FBI have issued a Secure by Design alert to reduce the prevalence of ...

CISA and FBI Issue Alert on OS Command Injection Vulnerabilities
CISA and FBI issued a critical advisory on July 10, 2024, urging software companies to review their products and eliminate OS command injection vulnerabilities at the source. This urgent call comes in ...

Cybersecurity Insights with Contrast CISO David Lindner | 6/14/24
Insight #1: How many breaches do we need to endure before we realize that multifactor authentication (MFA) is the most important factor in preventing the successful use of compromised credentials in data ...

CISA and FBI Issue Alert on SQL Injection Vulnerabilities
SQL injection vulnerabilities, often abbreviated as SQLi, persist as a significant issue in commercial software products. In response to a recent highly publicized malicious campaign exploiting SQLi vulnerabilities in a managed file ...

OWASP Security Knowledge Framework
In this talk (embedded below), brothers Glenn ten Cate and Riccardo ten Cate identify issues in current secure coding practices. They show how to use the Open Web Application Security Project’s security ...

Big data analytics = Big security
In recent years, big data has become a hot subject in the field of information technology and is gaining more attention from senior management. Companies are working on this “new” concept ...