Blog

Identity and Access Management Security Culture - Passwords and Password Managers
March 6, 2020

In the latest video of our Security Culture series we talk about passwords and password managers. You can also listen in on our podcast. Password Problems The first thing to know is that weak passwords are often the easiest way to get access to information. People: Choose really simple passwords, like password or abcd1234 When […]

Security Compliance First Take on CMMC
March 2, 2020

Over the past two months we’ve been hearing a lot of buzz about CMMC, both with active customers and security partners. In this post, we will talk about our initial high-level reaction to the significant new standard. We’re doing a webinar on March 4 at 1:00 PM CST with a customer, CalcuQuote, to talk […]

Developer Resource Security Culture - Testing Authorization
February 27, 2020

In the latest video of our Security Culture series we talk about testing for authorization. You can also listen in on our podcast. Authorization Authorization is the idea that a user can only do what they should be able to based on their role. It is synonymous with access control. Consider the case of a […]

Developer Resource Security Culture - Secrets
February 20, 2020

In the latest video of our Security Culture series we talk about handling secrets. You can also listen in on our podcast. What Is a Secret What is a secret? In this context, a secret could be any of the following: A database password An SSH Key A private key An API Key An AWS […]

Developer Resource Security Culture - Static Analysis
February 13, 2020

In the latest video of our Security Culture series we talk about static analysis. You can also listen in on our podcast. There are a lot of static analysis tools out there. The simplest might be eslint, for which there are even security rulesets - the docs for which have some handy illustrations for the […]

Developer Resource Security Culture - Patching
February 6, 2020

In the latest video of our Security Culture series we talk about why patching is so important. Patching is the process of updating software. This applies to laptops, phones and servers. It even applies to services running on our servers, like web servers or database servers. It can also refer to the libraries we use […]

Security Trends Security Culture - Gift Card Scams
January 30, 2020

In the latest video of our Security Culture series we give a quick summary of 3 gift card scams we’ve seen recently. This topic is less technical and more social engineering focused, but it is relevant to developers and general audiences alike. In the first scam, I got an email from someone I know. It […]

Developer Resource Dependency Management — A nightmare scenario
January 27, 2020

Dependency management has become a very important part of ensuring the security of your applications. We’ve written about it many times in the past and even highlighted some horror stories from the Node community where it’s not uncommon for a single project to have hundreds or thousands of dependencies developed and maintained by a variety […]

Developer Resource Security Culture - Injection
January 23, 2020

In the latest video of our Security Culture series we give a 2-minute overview of Injection, which is a serious class of vulnerability that can happen in any language. Injection happens when user-inputted data is treated as part of an OS command or part of a query - usually through string concatenation. As […]

Developer Resource Security Code Review Tool - CRUSH
January 15, 2020

We often do code review for companies. Code review is a great control whether or not you are running SAST or other tools, and we look for different things depending on the circumstances. Sometimes the review identifies gaps in authorization that tools can’t find anyway. Other times the language (e.g. Clojure or Elixir) is poorly […]

© 2019-2022 Jemurai. All rights reserved.