A few weeks ago, Emmanouil Perselis provided valuable insights into the application security approach at CM-MC, sparking a lively discussion at the Belgian Cyber Security Coalition Focus Group on application security. He discussed various aspects, including different application development stacks, IDE plugins for early SCA, SAST, and container scanning, a mix of internal and external pen testing, Copilot development support, and triage based on exploitation prioritization. In breakout sessions, we addressed topics such as legacy systems, initial onboarding, prioritization, and triage. We delved into the 'No Triage' principle by applying the latest stable versions of container platforms. Additionally, we tackled the vulnerabilities backlog by emphasizing the ownership of product owners and risk sign-off by the business. It's always fascinating to bring together application security experts from a wide range of organizations—academia, startups, and medium to large enterprises—for valuable open discussions on this often underemphasized area of application security. Kudos to Emmanouil Perselis, and thanks to Taco Mulder and Sebastien Deleersnyder for hosting the session. #CM #MC #cybersecurity #applicationsecurity
Stefan Van Gansbeke’s Post
More Relevant Posts
-
🖊️HeroDevs has proudly signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge. This marks a significant step in enhancing digital infrastructure security, especially for end-of-life software solutions. 🛡️ By committing to this initiative, we join other leading software manufacturers in advancing critical security goals over the next year. Our focus is on fostering transparency, continuous improvement, and a community of learning and best practices. Learn more about the pledge: https://loom.ly/4AWuNls #Cybersecurity #SecureByDesign #HeroDevs #CISA #SoftwareSecurity
-
Stuart McClure‘s closing keynote is exploring the escalating AppSec challenges and vulnerabilities introduced by the rapid AI-driven pace of software innovation. @stuartmcclure The @QwietAI CEO is offering practical solutions for security and engineering teams to manage the complexities of securing AI-powered applications in this interactive session. https://lnkd.in/gbiAaarv #PlanetCyberSec #AppSecSoCal #AppSec #CyberSecurity #infosec #AIAppSec
-
Manage, measure and report on cybersecurity performance and assurance @ Avertro | Enhancing fan and golfer concessions experience through mobile ordering @ Concessionly
Really cool startup moment at Avertro, I had to share. We move **** fast... So, the NIST CSF 2.0 release caused quite the buzz on LinkedIn a few days ago. Lots of people sharing the release docs, what they think, etc. Immediately our team asked the question "how can we help the cyber community understand the differences between v1.1 & v2.0 and start to adopt the new framework?" (NIST's website doesn't really address this clearly) So the team got to work... First, Ian Yip took to redoing his circuit board from last year that was based on the draft and made the changes needed to fit the final version. Second, our security team (Olivia Conlon, Swarna Ghoorahoo, & Matthew S.) got the new framework into CyberHQ. Third, Farrell Tirtadinata created a blog around the NIST CSF 2.0 framework being available to our customers inside of CyberHQ. From learning about the release of NIST CSF 2.0 to finishing everything above, it took a total of 12 hours! Hell of a job by the team! Here are the articles from above + a picture of the framework in the platform: - https://lnkd.in/grmPWMjH (circuit board) - https://lnkd.in/g5JgevdU (blog post) #cybersecurity #nistcsf #grc #cybergovernance
-
With a mission of empowering businesses to develop fast and stay secure, Snyk’s platform quickly finds and fixes #security issues in proprietary code, open-source dependencies, container images, and #cloudinfrastructure so businesses can build #security directly into their continuous development process. Learn more about Snyk, which is on the Acceleration Economy shortlist of #cybersecurity business enablers: https://lnkd.in/gkK3gjBd
-
OX Security has secured a strategic investment from IBM Ventures, aiming to enhance software supply chain security through innovative solutions. This collaboration emphasizes the critical importance of secure software development and distribution. With IBM's backing, OX Security is poised to accelerate its efforts to fortify software supply chains against cyber threats. This partnership underscores the growing industry focus on bolstering security measures across the software development lifecycle. https://lnkd.in/gTMJJ-NS #OXSecurity #IBMVentures #SoftwareSupplyChain #Cybersecurity #InvestmentNews #SecureSoftware #CyberThreats #Partnership #InnovationInTech #SoftwareDevelopment #UnderstandingEnterpriseTech #EnterpriseTechnologyNow #EnterpriseTechnologyToday
-
Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. https://lnkd.in/dRpuuZ9N Bojan Zdrnja - INFIGO IS - Fran Čutura - GitHub #scanning #pentest #penetrationtesting #GitHub #opensource #cybersecurity #netsec #security #infosecurity #ITsecurity #cybersecuritynews #securitynews
-
Did you know? In 1945, engineers discovered the 'first actual case of a bug' in a computer. They were the pioneers of debugging! 💡 Join us in the journey of seamless IT solutions and innovation. 🚀 👉Want to stay in the know about all the latest tech trends? Follow us or check out our blogs: https://agilitec.com/blog . . #TechTrivia #BusinessSafety #AgilitecIT #NetworkSecurity #cybersecurity #DataBackup #DataRecovery #CloudServices #DisasterRecovery #ITManagedService
-
The latest update for #CyCognito includes "Web #ApplicationSecurity #Testing: Struggles, Shortfalls and Solutions" and "The Biggest Security Nightmares from 2023 and How They Could Ruin Your 2024". #cybersecurity #AttackSurfaceManagement #EASM https://lnkd.in/eRW5kv3i
CyCognito
securitysenses.com
-
Exciting update! 🚀 Our team has conducted an in-depth analysis, uncovering 10 malicious npm, Inc. packages using Xygeni's Early Warning Service. We've also pinpointed a new threat vector – djs13-fetcher. Dive into the details to fortify your business against these threats. Kudos to our colleagues José Antonio Garcel Díaz and Jesus Cuadrado for preparing this insightful analysis. Learn more: https://lnkd.in/d2QrQw-7 #Xygeni #SecurityAnalysis #NPMThreats #AppSec #SoftwareSupplyChainSecurity #DevSecOps #Cybersecurity #DevOps #ASPM #Infosec #SecDevOps #SoftwareSupplyChain #AppSec #IT #CIO #CISO 💻🔒
Full Analysis! 10 Malicious NPM Packages Uncovered: A Wake-up Call to Software Supply Chain Security
https://xygeni.io
-
Absolutely thrilled to share our latest breakthrough at Xygeni! 🚀 We've successfully uncovered 10 malicious NPM packages using our cutting-edge Early Warning Service. 🕵️‍♂️ In addition, our vigilant team identified a new threat vector, djs13-fetcher. 🛡️ Dive into the details of our analysis crafted by the brilliant minds of my colleagues Jose Antonio Garcel and Jesús Cuadrado. Learn how Xygeni continues to lead the charge in fortifying your software supply chain. 💪💻 #XygeniInAction #SoftwareSecurity #NPMThreats #Cybersecurity #TechInnovation