Key lessons about cybersecurity breaches in 2022 give us insight into how to improve AppSec and DevSecOps in 2023.
Coveros is partnering with Tidelift to help ensure a secure, healthy, and well-maintained software supply chain.
Prevention and detection are key tools in medicine. Stopping a serious illness from growing worse is easier when doctors find it early, because it usually saves the money, time, and physical and emotional stress that come with prolonged illness and aggressive treatment. There’s no comparison between the personal impact a serious illness has on patients […]
Application Security pioneer and OWASP co-founder Jeff Williams discusses software supply chain attacks with Coveros CEO Jeff Payne.
Software security expert and CEO Jeff Payne discusses best practices for protecting your software delivery process from supply chain attacks in our next Coveros Conversation.
Explore some pros and cons of Bottlerocket, the Linux-based open-source operating system by Amazon Web Services for running containers.
Explore four different threat modeling methodologies—STRIDE, PASTA, Trike, VAST—and assess their strengths and weaknesses.
Welcome to the second half of my two-part blog on Understanding Session Management. In part 1, we covered what session management is and started digging into some possible attack types associated with this vulnerability. Here we will continue to look into other associated attack types. 4. Cross-Site Request Forgery (CSRF) – Severity: High “Cross-Site Request […]
Session Management has always been one of the OWASP Top 10. Take a look at the two most recent OWASP Top 10s. Top 10, 2013: A2 – Broken Authentication and Session Management. Top 10, 2017: A2 – Broken Authentication. Under the description of A2 of Top 10, 2017, it says, “Application functions related to authentication […]
What is application security, or AppSec? Let’s talk about web application security first. OWASP was created in 2001 and has been known as the best community for web application security. Volumes of online resources for web application security defects, security testing, and security projects have been produced by OWASP. Yet web application security is only […]