software engineering

Measuring and Increasing Code Quality
At some point in a CTO’s career questions will be raised about “code quality” under their watch. Engineering teams will typically associate code quality with bugs and feature release velocity, while Product ...

Amid the Software Engineering Paradigm Shift, How Must AppSec Evolve?
Attitudes around software engineering have evolved, posing a key paradigm shift for organizations regarding how they think about and manage software engineering functions. As cloud adoption continues to accelerate, software engineering is ...

Spring4Shell: Spring Remote Code Execution Vulnerability
Spring unauthenticated RCE via classLoader manipulation. A critical zero-day vulnerability in the Spring framework was recently reported to Spring’s maintainer, VMware. The vulnerability is an unauthenticated remote code execution ...

Women of Software Engineering: CivTech Specialist, Alsia Plybeah
As we continue to honor women in technology during Women’s History Month, we’re pleased to feature CivTech software engineer Alsia Plybeah, in our series, Code of Honor: The Women of Software Development, ...

Secure Software Summit Findings
Shifting Security Left is a Work In Progress. What are the biggest concerns on the minds of application security and developers? As part of the inaugural Secure Software Summit event, ShiftLeft polled conference participants on ...

Announcing the AppSec Ambassador Program
Passionate about securing software? Become an AppSec Ambassador! Interested in helping developers write secure code from the start? ShiftLeft has launched a program to support you in the mission ...

Malware Evolves to Present New Threats to Developers
Malware, or code written for malicious purposes, is evolving. Software developers face new threats from malicious code as their tools and processes have proven to be an effective and ...

Hacking and Securing Python Applications
27 vulnerabilities to look out for in Python applications: Arbitrary file writes, directory traversal, deserialization, and more… Securing applications is not the easiest thing to do. An application has many ...

The Complete Guide to Securing Your Software Development Lifecycle
How to improve the security of your application with strong DevSecOps. The unfortunate reality is this: application security is in an abysmal state. Industry research reveals that 80% of ...

Finding “Attackable” Open Source Vulnerabilities in JavaScript
Finding attackable open source vulnerabilities in JS applications with an intelligent SCA approach. Open Source Software (OSS) is at the core of today’s information technology. About 80% of companies run their operations on OSS ...