Blog

Jemurai's Digital Stream of Consciousness

Jemurai and OSS

Security Cloud security Open source software June 05, 2019

Today we added a section to our website to highlight open source software that we have been working on.

Read More
Update on SecurityProgram.io

Security Cloud security May 30, 2019

In late March we announced our new offering securityprogram.io. In this post we want to provide an update around what we’ve been working on through May and how it works.

Read More
User Auditing with GAA

Security Cloud security May 10, 2019

If you read the story about Samsung exposing SmartThings and AWS keys in code, which I came across through a Philippe De Ryck twitter post this AM, you might wonder how on earth those repositories came to be public. It turns out, that’s not that uncommon - and we wrote an open source tool to help clients work through this issue. This post introduces the tool and approach.

Read More
Encrypting Large Files

Security Cloud security April 23, 2019

We have a client that is doing interesting data science that depends on processing very large files (100GB) that are also transferred between parties.

Read More
Package managers

Security Cloud security April 17, 2019

Over the past few weeks we’ve been talking a lot internally at Jemurai about how package managers and the code repositories we use (often what people think of as open source) affect our security.

Read More
Announcing securityprogram.io

Security Cloud security March 29, 2019

At Jemurai, we do a lot of custom projects building and breaking things and helping teams build more secure code.

Read More
Exploring CloudTrail

Security Cloud security March 25, 2019

We had a customer ask us to dig for some indicators of compromise in their AWS account. We are already using our JASP tool to help them to check security configurations in general, so we took the opportunity to formalize some of what we’re doing into a tool which we plan to open source once we clean it up. This post presents some of the types of things that are challenging to just check in JASP and how we’re thinking about the tool.

Read More
Sharing Files with S3 Safely

Security Cloud security March 15, 2019

It seems to me like back in the day, all the companies we worked with shared files with FTP. Remember FTP? A surprising number of enterprise integrations patters depended on FTP and eventually SFTP.

Read More
Managing Dependencies

Security Appsec program February 20, 2019

A common question came up again this week working with a developer (and friend) at a partner that does custom software development.

Read More
Oops! A discussion about priorities and risk

Risk February 05, 2019

This post is about a case where we didn’t follow our own advice or industry best practices and it bit us. But then interesting other things ensued and we learned some things.

Read More

← Newer posts 2 of 8 Older posts →

Blog

Want to stay up to date with the lastest from Jemurai?