Jemurai Logo

Blog

Filtering on: Security

Clear filter

  • Package managers

    Security Cloud security April 17, 2019

    Over the past few weeks we’ve been talking a lot internally at Jemurai about how package managers and the code repositories we use (often what people think of as open source) affect our security.

    Read More

  • Announcing securityprogram.io

    Security Cloud security March 29, 2019

    At Jemurai, we do a lot of custom projects building and breaking things and helping teams build more secure code.

    Read More

  • Exploring CloudTrail

    Security Cloud security March 25, 2019

    We had a customer ask us to dig for some indicators of compromise in their AWS account. We are already using our JASP tool to help them to check security configurations in general, so we took the opportunity to formalize some of what we’re doing into a tool which we plan to open source once we clean it up. This post presents some of the types of things that are challenging to just check in JASP and how we’re thinking about the tool.

    Read More

  • Sharing Files with S3 Safely

    Security Cloud security March 15, 2019

    It seems to me like back in the day, all the companies we worked with shared files with FTP. Remember FTP? A surprising number of enterprise integrations patters depended on FTP and eventually SFTP.

    Read More

  • Managing Dependencies

    Security Appsec program February 20, 2019

    A common question came up again this week working with a developer (and friend) at a partner that does custom software development.

    Read More

  • A Trello Template for AppSec Program Projects

    Security Appsec program January 30, 2019

    Trello

    Read More

  • Announcing SecuritySignal.io

    Security January 24, 2019

    We are pleased to announce our initial work on Security Signal.

    Read More

  • What is an AppSec Program

    Security Appsec program January 23, 2019

    Most companies that we work with are building software. That’s not a surprise because that’s our niche. Yet a surprising number of those companies don’t know about application security programs. Even companies with sophisticated security teams often struggle with application security and don’t take a programmatic approach to it. Why? Because it is really hard and requires knowledge of how application development and SDLC’s work. In this post, I’ll talk about some of the high level parts of successful AppSec Programs we’ve seen.

    Read More

  • Don't rely on X-XSS-Protection to protect you from XSS

    Security November 28, 2018

    The X-XSS-Protection header only helps protect against certain reflected XSS attacks. It does nothing for stored XSS attacks. Don’t rely on it to protect your site from XSS!

    Read More

  • Security in the SDCL (Reboot)

    Security Appsec program Sdlc June 07, 2018

    Today I was looking back for my blog posts about security in the SDLC from 2012-2016 and I realized that I had never migrated them forward to the new website when we updated. Whoops! So … in this post I want to recap in some detail what I’ve learned about security in the SDLC.

    Read More

  • Predictions Sure To Go Wrong for 2017

    Security December 22, 2016

    I don’t have much time to listen to Sports Radio anymore, but I used to love to listen to Mike & Mike on ESPN Radio.  They had a segment called Predictions, Sure to Go Wrong which was clearly their way of having fun making predictions while making fun of themselves and admitting they really had a strong likelihood of being wrong.  In that spirit, I offer these predictions for 2017.

    Read More

Want to stay up to date with the lastest from Jemurai?

Sign up for our monthly newsletter!