DevSecOps is a philosophy that integrates security practices within the DevOps process. DevSecOps involves creating a ‘security as code’ culture with ongoing, flexible collaboration between release engineers and security teams. The main aim of DevSecOps is to make everyone accountable for security in the process of delivering high-quality, secure applications. This culture promotes shorter, more controlled iterations, making it easier to spot code defects and tackle security issues.
Microsoft's July 2023 Patch Tuesday updates highlighted several vulnerabilities under active exploitation, including one (or more?) that remains unpatched. Here's what you need to know about CVE-2023-36884, a zero-day vulnerability that attackers are exploiting to gain remote code execution via "specially-crafted" Microsoft Office documents.
Grafana is a rich platform for data visualization, giving you full control over how your data should be visualized. However, this flexibility and freedom comes with some challenges from a security perspective — challenges that need to be solved to protect the data in Grafana. For years, cross-site scripting (XSS) has been among the most common web application security vulnerabilities.
The security of your organization’s network is paramount to its success. With the ever-changing landscape of cyber threats, it's important to take the necessary steps to ensure that your network is secure and compliant with industry regulations. Ensuring compliance requires you to know what’s on your network. But how can that be done when only 48% of leaders and security professionals say they run their asset discovery program at least once per week?