application security

NASCO Alerts

AppSec Is A Mess. Our Kids Are Paying The Price.

Data stolen? Get used to it kid. That’s the reality for young people coming of age today in the app sec shanty town that is the 21st century U.S. economy. Like the actual favelas and shanty towns that have sprung up in developing nations over the last century, our application ecosystem is sprawling, unregulated, ad-hoc and prone to shocking breakdowns and failures. Our kids are paying the price.

Source Code Secret

GitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOps

Amid a spike in attacks on software supply chains, GitGuardian launched HasMySecretLeaked.com, a site that allows developers and appsec teams to search for exposed secrets.

Photo by RealToughCandy.com: https://www.pexels.com/photo/person-holding-a-sticker-11035393/

Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple

Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code.

npm logo. Photo by RealToughCandy.com

Researcher: malicious packages lurked on npm for months

Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat.

Cyber image

Spotlight: Traceable CSO Richard Bird on Securing the API Economy

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data.