Blog

Jemurai's Digital Stream of Consciousness

Security Culture - Patching

Security-culture February 06, 2020

In the latest video of our Security Culture series we talk about why patching is so important.

Read More
Security Culture - Gift Card Scams

Security-culture January 30, 2020

In the latest video of our Security Culture series we give a quick summary of 3 gift card scams we’ve seen recently.

Read More
Dependency Management — A nightmare scenario

Security Open-source January 27, 2020

Dependency management has become a very important part of insuring the security of your applications. We’ve written about it many times in the past and even highlighted some horror stories from the Node community where it’s not uncommon for a single project to have hundreds or thousands of dependencies developed and maintained by a variety of sources. We as a community have adopted tools (such as central repositories of security advisories) and processes like semantic versioning to help reduce the burden of maintaining an application with large numbers of external dependencies. In this post we describe a situation in which what should be a harmless and routine update of external dependencies resulted in a horizontal privilege escalation.

Read More
Security Culture - Injection

Security-culture January 23, 2020

In the latest video of our Security Culture series we give a 2 minute overview of Injection, which is a serious class of vulnerability that can happen in any language.

Read More
Security Code Review Tool - CRUSH

Security Open-source January 15, 2020

We often do code review for companies. Code review is a great control whether or not you are running SAST or other tools, and we look for different things depending on the circumstances. Sometimes the review identifies gaps in authorization that tools can’t find anyway. Other times the language (eg. Clojure or Elixir) is poorly covered by tools, and clients want assurances that the code is being written securely.

Read More
Security Culture - Introducing OWASP

Security-culture January 08, 2020

In the latest video of our Security Culture series we give a 2 minute overview of OWASP.org, an amazing resource for developers.

Read More
Introducing The Security Culture Series

Security-culture January 07, 2020

A client recently asked how they could improve their security culture. It’s not an easy (or even always achievable) task to build the kind of security culture you might want. This post introduces a content series that is intended to help bring security to developer teams.

Read More
December SPIO Update

Spio December 18, 2019

In November and December, we added a number of things to SPIO:

Read More
Clojure Security and Signal

Security November 27, 2019

As a developer focused consultancy, we thrive in situations where we work in new languages or try new or different things related to building apps. So when we had a chance to do some deeper security work with Clojure and specifically with Pedastal apps, we jumped at the chance.

Read More
Why Developers Matter For Security

Security November 07, 2019

This post talks about the critical importance of actively engaging software developers in security activities and presents a few timely real world examples where this was not done sufficiently and companies paid the price.

Read More

← Newer posts 2 of 9 Older posts →

Blog

Want to stay up to date with the lastest from Jemurai?