Blog

Jemurai's Digital Stream of Consciousness

Security Culture - Vulnerable Dependencies

Security-culture March 12, 2020

In the latest video of our Security Culture series we talk about software dependencies. You can also listen in on our podcast.

Read More
Security Culture - Passwords and Password Managers

Security-culture March 06, 2020

In the latest video of our Security Culture series we talk about passwords and password managers. You can also listen in on our podcast.

Read More
First Take on CMMC

Security-culture March 02, 2020

Over the past two months we’ve been hearing a lot of buzz about CMMC, both with active customers and security partners. In this post, we will talk about our initial high level reaction to the significant new standard.

Read More
Security Culture - Testing Authorization

Security-culture February 27, 2020

In the latest video of our Security Culture series we talk about testing for authorization. You can also listen in on our podcast.

Read More
Security Culture - Secrets

Security-culture February 20, 2020

In the latest video of our Security Culture series we talk about handling secrets. You can also listen in on our podcast.

Read More
Security Culture - Static Analysis

Security-culture February 13, 2020

In the latest video of our Security Culture series we talk about static analysis. You can also listen in on our podcast.

Read More
Security Culture - Patching

Security-culture February 06, 2020

In the latest video of our Security Culture series we talk about why patching is so important.

Read More
Security Culture - Gift Card Scams

Security-culture January 30, 2020

In the latest video of our Security Culture series we give a quick summary of 3 gift card scams we’ve seen recently.

Read More
Dependency Management — A nightmare scenario

Security Open-source January 27, 2020

Dependency management has become a very important part of insuring the security of your applications. We’ve written about it many times in the past and even highlighted some horror stories from the Node community where it’s not uncommon for a single project to have hundreds or thousands of dependencies developed and maintained by a variety of sources. We as a community have adopted tools (such as central repositories of security advisories) and processes like semantic versioning to help reduce the burden of maintaining an application with large numbers of external dependencies. In this post we describe a situation in which what should be a harmless and routine update of external dependencies resulted in a horizontal privilege escalation.

Read More
Security Culture - Injection

Security-culture January 23, 2020

In the latest video of our Security Culture series we give a 2 minute overview of Injection, which is a serious class of vulnerability that can happen in any language.

Read More

← Newer posts 2 of 10 Older posts →

Blog

Want to stay up to date with the lastest from Jemurai?