When you think “security awareness,” the first thing that comes to mind is likely the training you provide non-security staff related to persistent threats like phishing. While this type of training will always be important, it is also becoming necessary to augment traditional programs with specialized application security awareness training for your CI/CD-related teams as…
Read More
RH-ISAC: What is your background in cybersecurity? Where did you get your training and education? Jordan: My cybersecurity career started with my current company, BigCommerce, about three-and a-half years ago. I was in another role at the same company and was given the opportunity to meet our cybersecurity team to learn more about the field….
Read More
Application programming interfaces, or APIs, are software interfaces that allow computer programs to communicate with one another to perform services without needing to know the internal details of how the other system functions. As application development shifts to the cloud, APIs have become indispensable, allowing us to connect microservices and conveniently take advantage of software,…
Read More
The new HYPERSCRAPE data extraction tool developed by the Iranian Charming Kitten threat group eases the process of stealing email data from targeted accounts. Context On August 23, 2022, Google Threat Analysis Group (TAG) researchers published a technical analysis of a unique data extraction tool they named “HYPERSCRAPE” used by the Iranian state-backed Charming Kitten…
Read More
Over the past few years, DevSecOps has become a buzzword in application security. You may understand the concept — security is integrated into your continuous integration/continuous delivery pipeline to find and fix vulnerabilities earlier in the software development lifecycle — but how do you actually implement DevSecOps? One of the keys to successful DevSecOps implementation…
Read More
