Vulnerability Dashboard: Measure your progress to deliver secure apps

Vulnerability Dashboard: Measure security quality of your releases over time. ShiftLeft is introducing a new Vulnerability Dashboard — A singular view of application security quality metrics including a list of vulnerabilities based on static/runtime analysis ...
How-to Identify Directory Traversal Vulnerabilities with ShiftLeft Ocular: A Detailed Code Example

How-to Identify Directory Traversal Vulnerabilities with ShiftLeft Ocular: A Detailed Code Example with DeepLearning4j and OpenRefine (CVE-2018-19859). In one of our most recent blog posts Chetan Conikee wrote about a directory traversal caused ...
Time Series at ShiftLeft

Time series are a major component of the ShiftLeft runtime experience. This is true for many other products and organizations too, but each case involves different characteristics and requirements. This post describes ...
ShiftLeft for .Net

Today we’re announcing the general availability of our continuous application security service for the .Net Framework (.Net). .Net developers can now leverage the highest ever benchmarked source code analysis [1] to automatically ...
Open sourcing release plugin `sbt-ci-release-early`

Today we’re happy to announce another open source project: sbt-ci-release-early. It’s an sbt plugin that takes care of automatically releasing your projects including git tags, and supports both your in-house setup (e.g ...
Beating the OWASP Benchmark

Tl;dr; Today, we present the results of evaluating ShiftLeft’s static analysis pipeline on the OWASP benchmark, where we achieve a true positive rate of 100% at 25% false positives. With a resulting ...
The Need for Real-World Runtime Protection Benchmarking

First-principles thinking is one of the best ways to reverse-engineer complicated problems and unleash creative possibility. Sometimes called “reasoning from first principles,” the idea is to break down complicated problems into basic ...
Introducing Gaum: An Open Source O/RM That isn’t an O/RM

At ShiftLeft we’re firm believers in the value of open source software. We leverage too many libraries to count, which massively scales our feature velocity and reliability. We also believe in contributing ...
Can Security be a Business Enabler?

Finding, prioritizing, and fixing vulnerabilities during Development and protecting the applications from attacks in Production is the security best-practice. Yet, this is ineffective, resource intensive and exacerbated as organizations modernize their development ...
Oakland Port, Global Free Trade and Dev-Ops

The Port of Oakland, Global Free Trade and Dev-Ops. Abstract — In the mid-1960’s, the United States military was struggling with a logistics nightmare between Oakland and Saigon ports. The resultant, container-driven automation of the ...