Blog

Jemurai's Digital Stream of Consciousness

  • Security Policies Rebooted

    Security policy

    Data security

  • Incubator: Canary Data

    Incubator

    JASP

  • Glue 0.9.4 and Scout2

    Engineering Open source

    We spend a fair amount of time building and using OWASP Glue to improve security automation at clients. The idea is generally to make it easy to run tools from CI/CD (e.g., Jenkins) and collect results in JIRA. In a way, Glue is like ThreadFix or other frameworks that collect results from different tools. Recently, we thought it would be cool to extend some of what we were doing to AWS. We have our own scripts we use to examine AWS via APIs, but we realized that Scout2 was probably ahead of us and would be a good place to start.

  • Signal, Audit and Logging – Introduction

    Engineering

    At clients, we work to make sure the best information is available to:

  • Automate All The Things

    Open source

    Automate all the things

  • The 10 OWASP Commandments

    Open source

    Here at Jemurai, we have at least a few Hamilton fans.  OK, I might be the biggest … but I’m definitely not alone.

  • What is Security Engineering?

    Strategy

    Security Engineer is an interesting title. Across our customers, it has different meanings to different people. At one end of the spectrum, it is a synonym for a security analyst, which we think of as a skilled resource focused on a very specific portion of security: maybe monitoring the SIEM, maybe running static analysis, maybe feet on the ground doing vulnerability management. At the other end of the spectrum, security engineering is software engineering around security-related features.

  • Glue Update

    Open source

    There have been several recent improvements with Glue. It's been awesome to have more people committing to the project and adding in different ways.

  • Software Security Insurance

    Strategy

    Last week a well-established application security company (that I respect) published availability of a $1,000,000 insurance policy for breach-related costs related to applications it provides security source code review for. I assume that the idea is that the review has more value if it has some financial assurance behind it. Some folks who are cornerstones of the application security community, like Jeremiah Grossman, voiced strong support.

  • Glue 0.9.3

    Open source

    At Jemurai, we contribute extensively to OWASP Glue and use it on some of our projects where it makes sense to tie together automation around security.  We kept seeing the same types of integration challenges and found that it was useful to have a common starting point to solve them.  It is far from perfect and we would refer people to alternatives like ThreadFix and OWTF
