Mitigating NoSQL Injection Attacks: Part 2

This is the second part of a two-part series on NoSQL injections. Last time, we covered the anatomy of a NoSQL injection, as well as how to mitigate it. In this post, ...
Hunting 0-days in Cisco DCNM with ShiftLeft Ocular

Hunting 0-days in Cisco Data Center Network Manager (DCNM) with ShiftLeft Ocular. Since the CVEs are now public, it’s time to show how ShiftLeft Ocular was used to discover three zero-day vulnerabilities in ...
Mitigating NoSQL Injection Attacks: Part 1

In this first part of a two-part post series, we’ll reconstruct a NoSQL injection and cover the basics of mitigating it. In the second part, we’ll look at Server-Side JavaScript and Blind ...
What AppSec Can Learn From Developers’ Feature Bug Workflows

To scale application security (AppSec) to meet the pace of software feature development, AppSec must engage developers with new workflows that balance security and productivity. In order to meet ...
Podcast-Ep-7 #Shifting Left at Roblox — A conversation with Julie Tsai

A conversation with Julie Tsai on her initiative of #ShiftLeft at Roblox. Julie is the Head of Information Security ...
Podcast-Ep-9 — From Darkness to Light

In this episode of “Sources and Sinks”, a conversation with ShiftLeft’s lead security researcher — Niko Schmidt. Niko opens up on his process, what he sees as the key threats and ...
Enabling Developer-Friendly Security in Kubernetes for GitOps

This blog is co-authored by Prabhu Subramanian, Lead Architect at ShiftLeft, and Seth Mason, Product Manager at D2iQ. DevOps. GitOps. DevSecOps. Developers are doing more builds of microservices, and therefore have more surface ...
Podcast #ShiftLeft at Emirates Group — A conversation with Toufiq Ali

A conversation with Toufiq Ali — Principal Cybersecurity Engineer at Emirates Group on developer-focused security initiatives at the Group. Toufiq delves into the need of integrating ...
ShiftLeft Scan integrates with GitHub Code Scanning

ShiftLeft Scan ❤️ GitHub

It gives us great pleasure to announce that ShiftLeft Scan is now natively integrated with GitHub Code Scanning to help developers and teams keep their applications secure without slowing ...
Secrets, Security Insights and APIs!

ShiftLeft Inspect can now detect “hardcoded secrets” (across all languages), and provide “security insights” into your JavaScript code. ShiftLeft Inspect has also released a new version of API ...