DevSecOps

May 09, 2025

In Episode 108 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA recap the RSA Conference ...

May 08, 2025

Security tools left running with weak configurations are a daily occurrence, as common as your morning brew. Breaches don't always start with flashy zero-days or clever phishing campaigns. They often begin with tools you trust; weak access controls, outdated configurations, and carelessness in setup make them prime targets for malicious actors ...

May 05, 2025

Proof is in the data from Akamai's new research State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. Overall, we see traditional web attacks targeting web applications and APIs continue to rise, as shown by a 65% increase between Q1 2023 and Q4 2024. This shows that the capabilities that are being developed are under increasing levels of attack ...

May 01, 2025

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale ...

April 29, 2025

Only a fraction of critical vulnerabilities are truly worth prioritizing, according to the State of DevSecOps 2025 from Datadog ... The report found that security engineers are wasting a lot of time on vulnerabilities that aren't necessarily all that severe ...

April 25, 2025

In Episode 107 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present a preview of the RSA Conference and discuss the EMA Vendor Vision report ...

April 24, 2025

Imagine spending countless hours crafting a unique algorithm, only to have it stolen and used by someone else. Attackers use various strategies to pilfer source code, from social engineering tactics to malware; thankfully, these malicious tactics have viable and effective defense best practices ...

April 18, 2025

In Episode 106 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the buzzwords generated by marketing to sell cybersecurity products ...

April 14, 2025

Enterprises across the world are under attack, and it's getting harder for them to defend themselves ... The regulatory pressures facing companies have made a difference. Recent data from Veracode's 2025 State of Software Security (SoSS) report shows that the percentage of applications passing the Open Worldwide Application Security Project (OWASP) Top 10 tests has increased by 63% over the past five years — a significant improvement. More notably, the prevalence of high-severity flaws has been cut in half over the past decade ...

April 11, 2025

In Episode 105 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss hacking a modern, computer controlled vehicle ...

April 10, 2025

Software engineers are currently caught between a rock and a hard place. The rock? They're under record pressure to produce and release new software. The hard place? They're increasingly expected to account for the safety, security and provenance of every single software asset they use in those builds. That's demonstrated in the rise of the Software Bill of Materials (SBOM). These two clashing requirements are a source of great anxiety for software engineers ...

April 07, 2025

Software security threats and DevOps risks are emerging in the AI era, according to the Software Supply Chain State of the Union 2025 from JFrog ...

April 04, 2025

In Episode 104 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the impacts that taxes and tariffs have on technology and cybersecurity ...

April 03, 2025

The financial sector is a prime target for cyber attacks due to its extensive digital presence and sensitive customer data. With the rise of online banking, mobile payments, and fintech innovations, cyber threats continue to evolve, exploiting vulnerabilities in financial applications. To protect transactions, customer data, and business operations, strong security measures are essential. Web Application Firewalls(link is external) (WAFs) and API security(link is external) solutions have become critical for ensuring application integrity and regulatory compliance ...

April 01, 2025

Development and security teams are making strides in the evolution to DevSecOps but are still working toward alignment on workflows and metrics, according to DevSecOps Evolution: from DevEx to DevSecOps, a report from Checkmarx ...

March 31, 2025

Organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks, according to 2025 Global State of API Security from Traceable AI ...

March 28, 2025

In Episode 103 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the plans to move many cybersecurity controls from the federal level to the state level ...

March 25, 2025

According to CyberArk research, Non-Human Identities (NHIs) outnumbered human identities by at least 45-to-1 in 2022 ... At the core of every NHI is an authentication credential, aka a secret. GitGuardian's 2025 State of Secrets Sprawl Report reveals concerning trends in secrets exposure, indicating current management approaches are insufficient to address NHI-related risks ...

March 21, 2025

In Episode 102 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss insider threats ...

March 17, 2025

By integrating security practices such as code scanning, automated testing, and vulnerability assessments early on, security teams can proactively identify potential threats. They can also respond to emerging risks and ship secure code with confidence. This shift to continuous, proactive security integration is reshaping how developers approach software delivery. Ultimately, it ensures more secure and reliable products for users ...

March 14, 2025

In Episode 101 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss tax season, and the fraud that goes along with it ...

March 13, 2025

For many, security is like an onion. Sure, it can bring tears to your eyes when implementing it. However, the real reason for this analogy is that security comprises many layers; the more you have, the greater your chances of preventing a breach. Within this context, securing your cloud infrastructure can be compared only to an enormous (and intimidating) onion ...

March 11, 2025

Open source software (OSS) is a cornerstone of modern digital infrastructure, driving innovation and supporting applications across industries and regions. With its pervasive use, identifying critical OSS components and addressing their security challenges are vital. The recent Census III Report provides key insights into the OSS ecosystem ...

March 07, 2025

In Episode 100 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest news surround privacy issues in the UK regarding Apple phones ...

March 05, 2025

Application security isn't just about scanning your source code for vulnerabilities anymore. With today's accelerated, automated, and third party–dependent development environments, risks can sneak in at every step of the software development life cycle (SDLC) ...

Pages