In 2019, companies reported losses of over $2 trillion resulting from cybercrime, making it one of the leading concerns in every industry. Unfortunately, most of the losses involved small businesses, bringing the concern of limited resources to the table. While larger organizations — even those with little expertise — have budgets permitting the onboarding of…
Continue ReadingOpen Source Software
A Guide to JDK Open Source
Countless software developers rely on Java when programming, and OpenJDK is the latest software to make working with code even more accessible. With OpenJDK, developers can move toward a system of increased cooperative work and better implementation practices. Fortunately, migrating to JDK Open Source requires minimal effort and costs little to nothing. What Does JDK…
Continue Reading
Docker Security Scanning Guide
Docker is changing the way developers are creating applications and continues to grow in popularity, as evidenced by its over 10 million users and over 242 billion pulled images. However, while the platform and its ingenious containerization methods dramatically accelerate application development, programmers are realizing a growing need for further security maintenance and increased demand…
Continue Reading
Understanding the Latest Node.js Versions
As with all new Node.js versions, the April 2021 release of Version 16 brought a host of changes to the server-side runtime environment. Node v16 added a new integrated package manager, several developer wish-list features, and support for a new generation of microprocessors. With Node v17’s release in October 2021, Node v16 moves to Long-Term…
Continue Reading
How To Use OWASP Top 10 To Secure Your Organization?
Over two decades, the Open Web Application Security Project’s top-10 list has become an essential report card for software security professionals. OWASP compiles its list of authentication vulnerabilities and other issues using Common Weakness Enumeration reports from a worldwide community of developers. Beginning with its 2017 effort, the group augmented the CWE reports with a…
Continue Reading
How Do I Use BitBucket Security Scanner?
The code management software Bitbucket helps teams collaborate more cohesively to improve the integration of high-quality code. Core features are available to all Bitbucket users, while the choice between cloud, data center, or on-site servers determines a user’s accessibility to several valuable abilities. Bitbucket’s user-friendly interface makes it easy to monitor and track all pull…
Continue Reading
Bitbucket Security Best Practices for 2021
It’s challenging to keep up with the best cybersecurity practices, as recommended security measures change quickly and often. Thankfully, Bitbucket offers simple ways to maintain safe code. Although the specifics vary, the following best practices apply to almost any git or repository. 1. Change Keys, Tokens and Passwords Often Security begins at login, so information…
Continue Reading
Supply Chain Attacks – Defend Against Dependency Substitution and Typosquatting
If you’ve referenced open-source software in your software development process, you’ve relied on code published to public repositories as “packages”. These packages can be an attack vector when a malicious character uses Dependency Substitution or Typosquatting to ceate a supply chain attack. Those packages are downloaded and installed by a package manager. Each programming language…
Continue Reading
Docker Vulnerabilities and Security Risks
Since 2013, Docker has enabled rapid development and deployment of web applications. With its innovative approach to containers, Docker also pioneered a way to distribute highly secure applications. Nonetheless, security is never perfect. With even the most popular docker images containing vulnerabilities or malware, a hard look at Docker security issues is a wise move…
Continue Reading
Node.js Versioning
Node.js versioning is an essential skill for developers aiming to rapidly deploy secure web apps. Read about the tools that tame version management.
Continue Reading