The latest security technology and best practices to secure software applications, vulnerabilities and code.
Learn about the similarities and differences between patch and vulnerability management and what to look for in a solution. Read more
Open-source penetration testing tools are freely available software that help pentest teams identify areas of weakness in their systems. Teams often need a variety of tools to perform a full penetration test, so using the wide range of open-source pentesting tools helps them keep their costs down. And many pentesters are already familiar with well… Read more
Despite all of our investments in security tools, the codebase can be the weakest link for any organization’s cybersecurity. Sanitizing and validating inputs is usually the first layer of defense. Attackers have been using classic flaws for years with a pretty high success rate. While advanced threat actors have more sophisticated approaches such as adversarial… Read more
Andrej Karpathy is a former research scientist and founding member of OpenAI. He was also the senior director of AI at Tesla. Lately, he has been using Copilot, which leverages GPT-3 to generate code. He tweeted this about it: “Nice read on reverse engineering of GitHub Copilot. Copilot has dramatically accelerated my coding, it’s hard… Read more
Virtual patching uses policies, rules and security tools to block access to a vulnerability until it can be patched. Zero-day threats and legacy systems are two ways that vulnerabilities can be created for which no patch may exist for some time, if ever. In those cases, security teams can block a potential attack path until… Read more
Application security is the practice of securing software and data from hackers, whether that application comes from a third party or was developed in house, regardless of where it resides or how it’s accessed. As that definition spans the cloud and data centers, and on-premises, mobile and web users, application security needs to encompass a… Read more
GitHub has announced new features that could improve both developers’ experience and supply chain security. The “private vulnerability” reports announced at GitHub Universe 2022 will allow open-source maintainers to receive private issues from the community. Maintainers will be able to receive reports and collaborate with security professionals and all other issuers to patch vulnerabilities. Also… Read more
Patch management is all about helping organizations manage the process of patching software and applications. It encompasses functions such as testing patches, prioritizing them, deploying them, verifying that they are installed in all endpoints, and in general looking after every aspect of patching. But patching can be a time-consuming – and ineffective – task. There… Read more
In the ever-evolving fight against data loss, data breaches, and data theft in the 21st century, organizations worldwide have turned to a number of cybersecurity solutions, services, and software in an attempt to keep their data safe and secure from threats. One such solution is behavioral analytics, more specifically User and Entity Behavior Analytics (UEBA).… Read more
With two high-profile breaches this year, Okta, a leader in identity and access management (IAM), made the kind of headlines that security vendors would rather avoid. After seeing headlines like these, some executives and customers lose faith that multifactor authentication (MFA) technology, particularly Okta’s, will protect their organizations, but should they? The tech world defines… Read more