Blog: Security Hires

Penetration Testing: How To Buy A Pentest and Get The Most Out Of It
September 28, 2022

How to make sure you get your money's worth for a penetration test - what to ask for, how to tell a great vendor from a scan factory.

Application Security: AppSec - Zero Trust in Zero Trust
August 30, 2022

The other day we were giving developers security training on server-side request forgery (SSRF). We see this all of the time now (see this great and detailed post by our team on SSRF in Real Life). It can be shockingly damaging. In any case, during the training the developers brought up a very interesting […]

Jemurai Updates: Branding and Company Update
August 20, 2022

We recently updated the Jemurai website, modeling it after the new securityprogram.io website which we really like (shout out to our web design friends at sweetandfizzy.com who did so much more than help with the design of the site). As we did that, we realized we needed to try to be clearer about what we do, […]

Cybersecurity Programs: Supporting Remote Work Securely
March 16, 2022

On Friday we wrote a blog post that talked about remote work and security from a worker's perspective. We included a checklist. In this post, we want to develop that idea and talk about it more generally from a company and IT strategy perspective. We’ll start with some pictures to illustrate some of the issues. […]

Developer Resource: Security Culture - Introducing OWASP
January 8, 2022

In the latest video of our Security Culture series we give a 2 minute overview of OWASP.org, an amazing resource for developers. OWASP resources include: the Top 10; ASVS; Testing Guides; Proactive Controls; Glue, Dependency Check, Amass, ZAP and DefectDojo; conferences like Global AppSec, AppSec California, etc.; and local chapter meetings.

Incident Response: Log4J Security Issue
December 15, 2021

This post is a quick summary around the Log4J security issues happening in December 2021. It includes a summary, a video, a PDF of slides we presented and extensive references. The TL;DR is: update Log4J to 2.16.0 and keep watching for subsequent updates. The 10,000 Foot View Summary of The Issue Log4J is a widely […]

Security Automation: Pipeline Security Automation
August 11, 2021

This post talks about how we approach security automation in BitBucket Pipelines. It also introduces some new open source tools we built and use in the process. Security In Pipelines We’ve written before about using GitHub Actions and provided an Action friendly “workflow” with our Crush tool. At a high level, Pipelines and Actions just […]

Cloud Security: Cloud Security Auditing With Steampipe
June 25, 2021

This post talks about how we use different tools to accomplish different tasks in a cloud security context, zooming in on Steampipe as a tool that should make it very easy to prepare for and meet audit requirements. Cloud Security Auditing There are a couple of different things that we think of when we think […]

Incident Response: Email from a Security Researcher
February 23, 2021

Yesterday, for the Nth time, a client had a “security researcher” send an email about a “high-impact” security vulnerability. I’ve crafted this response a few times so I figured I would blog about it. Email from a Security Researcher So here’s the email: Hi <name>, I'm <"researcher" name>, a penetration tester, and I have found […]

Incident Response: Epic Security Failure and Risk
December 17, 2020

All I could do was facepalm after somebody pointed me to an article about how Microsoft unleashed a death star on hackers … "Microsoft unleashes 'Death Star' on SolarWinds hackers in extraordinary response to breach" GeekWire Article Let’s talk about failure. Start with Sympathy Look, it's a bad situation. Lots of IT and Security folks are […]

© 2019-2022 Jemurai. All rights reserved.