Learn From AWS Security Expert, Aaron Bedra

Keely Caldwell

Our Chief Scientist, Aaron Bedra, will be on the road over the next month speaking at a few conferences. Most of his talks will revolve around AWS security and security for developers.

Aaron, a senior-level security developer, has worked as a CSO and CTO and is the co-author of Programming Clojure, 2nd and 3rd Editions.

You can catch Aaron at any of the conferences below:

Sunday, 4/22
Topic: AWS Security Essentials and Adaptive Threat Monitoring


Tuesday, 4/24
Topic: AWS Security Essentials


Thursday, 4/26
Topic: Security and Trust in a Microservice World


Monday, 4/30 (Keynote Speaker)
Topic: Security Skills for Developers


Wednesday, 5/9 (Keynote Speaker)
Topic: The Cost of Complexity


Monday, 5/14
Topic: AWS Security


Friday, 5/18
Topic: AWS: Critical Security Solutions for Developers

Free Developer Security Training Wed, 11/15 @ 1pm CST

Keely Caldwell

Jemurai is hosting a free Dev Security training on “3 Open Source Tools for Secrets Management.” Join us at 1 pm CST on 11/15, and learn from Jemurai CEO and application security expert, Matt Konda.

In this training you will learn:

  • Security vulnerabilities that emerge from storing secrets in Git
  • 3 open source tools for managing secrets
  • Solutions in clear language, applicable to both engineering & security

This training is beneficial to the leadership and staff of both engineering and security teams.

Sign up here: https://www.jemurai.com/webinar/3topopensourcetoolsforsecretsmanagement

Free Developer Security Training: Improve Your Application Security Wed, 10/10 @ 1PM CST

Keely Caldwell

We have a free developer security training: “3 Practices Your Dev Team Can Adopt Today to Improve Application Security.” It takes place this Wednesday, October 11 at 1 PM CST.

You will learn:

  • Why it’s important for Devs & Dev management to add security into the SDLC: architecture, user stories, code review, unit & integration tests and Q&A
  • Actionable activities the Dev Team can implement today
  • Solutions described in clear language, applicable to both engineering and security

Sign up here: https://www.jemurai.com/webinar/3itemsdevscanaddtodaytoimproveapplicationsecurity

Jemurai takes an agile, iterative approach to implementing security into our clients’ code & SDLC. This free training will provide tips for doing so in your environment.

Mitigating the Vulnerability Widely Thought to Have Caused the Equifax Breach

Keely Caldwell

By: Warren Chain

The recent Equifax data breach may have exposed Personally Identifiable Information (PII) on over 143 million Americans.

It appears that this breach was caused by a Struts vulnerability – which allows a remote user to run code on a site. This vulnerability would be categorized under #9 of the OWASP Top 10 list of the Most Critical Web Application Security Risks.

Matt Konda, Jemurai CEO & OWASP Global Chair, created a short video training for developers, where he shares his thoughts on mitigating this vulnerability.

Check it out.

Mitigating the Vulnerability Widely Thought to Have Caused the Equifax Breach from Jemurai on Vimeo.

Insecure About Your App’s Security?

Keely Caldwell

Here at Jemurai, we take a human-based approach to cybersecurity.

So, what does that mean? Security tools catch some vulnerabilities, but not all of them. For example, tools typically miss vulnerabilities related to business logic and user authorization and authentication. Addressing these vulnerabilities requires embedding security into your software development life cycle and code.

Want to learn more about securing your code?

Our CEO and the chair of OWASP, Matt Konda, is speaking on “3 Vulnerabilities That Security Tools Can’t Catch” at our free webinar on Wednesday, Sept. 13 at 1 pm CT.

This training will be valuable to the staff and leadership of both engineering and security teams.

Get information you can use today to improve the security of your code by signing up here.

You don’t want to miss this!

I Don’t Need A Security Policy…Right?

Keely Caldwell

By: Rocio Baeza

At some point, security policies will become an area that you will need to address in your company. If you are reading this, you are probably rummaging through the internet for security policies. It’s likely that a client or investor is conducting some type of due diligence on your company and you’re looking to give them what they need so you can close the deal. Or maybe you’ve reached the line item in your business plan to tackle security. Regardless of the reason you’re here, we hope to provide you with more information to help you figure out your next step.

Let’s start out with addressing some basic areas:


What is a security policy?

Security policies establish your company’s position on protecting data. If you’re in a regulated industry, this is likely “required” for you to stay in business. If you’re on the cutting edge of a new idea or product, you probably want to make sure that the valuable information you are creating is well-guarded. A security policy should be a document that captures your position on securing the data you process. The intended audience for the document is the employees (and/or contractors) who are helping you run your business.


When do you need a security policy?

The typical security professional will argue that you need a security policy as soon as you start to collect data. In the ideal world, yes, I too would agree with that position. However, let’s be realistic. Creating a company has many moving parts. You need to create an MVP (minimum viable product) before your business is able to generate revenue from customers or raise funding from investors. If you ask us, you need a security policy when your gut tells you that you need to address this.  Some of our customers find out they need a policy when they do their first big deal.


Our philosophy on policy …

We do policy differently than a lot of other security companies. Many of our bigger customers have existing huge policy sets written by a legion of consultants that were actually copied and pasted from previous clients. The policies don’t fit and they cost an arm and a leg to develop and maintain.

We aim to make policy simple.  If anyone on the team can’t understand it, it is not serving its purpose.  If it is more than a few pages, it is not serving its purpose because people won’t read it.


Where do you start?

Luckily, you have several options:

Option 1: Continue to run searches on Google for free security templates. Yes, there are many out there. Go on, go ahead and download the endless pages of Word documents. Warning: You may need some eye drops after you’re done reading those documents.

Option 2: Find a big firm that charges a ton of money for their policy templates. It’s our experience that they tend to be heavy, super long, filled with jargon, and as a result will only fit with some heavy-duty customization.

Option 3: Try our policy bundle.  Our team of experts distilled the most important security policy into the simplest possible document.  We believe you will understand and be able to apply it out of the gate.