Blog

In the latest video of our Security Culture series we talk about remote work and security. You can also listen in on our podcast. Remote Will Be Important For a While In light of Coronavirus / Covid-19 and in particular, the key CDC recommendation that we implement social distancing (work from home), we wanted to […]

In light of Coronavirus / Covid-19 and in particular, the key CDC recommendation that we implement social distancing (work from home), we wanted to try to write a helpful post about working remotely securely. Jemurai has always been remote friendly, with employees sprinkled across the US and we can talk about what makes our remote […]

In the latest video of our Security Culture series we talk about software dependencies. You can also listen in on our podcast. The Basic Problem When we build software, we use lots of libraries that we didn’t write. They could be open source, they could be commercial, they could even be framework code provided by […]

In the latest video of our Security Culture series we talk about passwords and password managers. You can also listen in on our podcast. Password Problems The first thing to know is that weak passwords are often the easiest way to get access to information. People: Choose really simple passwords, like password or abcd1234 When […]

Over the past two months we’ve been hearing a lot of buzz about CMMC, both with active customers and security partners. In this post, we will talk about our initial high level reaction to the significant new standard. We’re doing a webinar on March 4 at 1:00 PM CST with a customer, CalcuQuote, to talk […]

In the latest video of our Security Culture series we talk about testing for authorization. You can also listen in on our podcast. Authorization Authorization is the idea that a user can only do what they should be able to based on their role. It is synonymous with access control. Consider the case of a […]

In the latest video of our Security Culture series we talk about handling secrets. You can also listen in on our podcast. What Is a Secret What is a secret? In this context, a secret could be any of the following: A database password An SSH Key A private key An API Key An AWS […]

In the latest video of our Security Culture series we talk about static analysis. You can also listen in on our podcast. There are a lot of static analysis tools out there. The simplest might be eslint, for which there are even security rulesets - the docs for which have some handy illustrations for the […]

In the latest video of our Security Culture series we talk about why patching is so important. Patching is the process of updating software. This applies to laptops, phones and servers. It even applies to services running on our servers, like web servers or database servers. It can also refer to the libraries we use […]

In the latest video of our Security Culture series we give a quick summary of 3 gift card scams we’ve seen recently. This topic is less technical and more social engineering focused, but it is relevant to developers and general audiences alike. In the first scam, I got an email from someone I know. It […]