February 2, 2021

ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.

Read More ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Today, the average enterprise uses over 2000 cloud applications and services, and we expect this number will continue to grow as more businesses realize the efficiency, flexibility and collaboration benefits these services bring. But the use of cloud-based applications also comes with a few caveats; for example, the apps themselves may pose potential security vulnerabilities, […]

The post How to Stop Shadow IT, Manage Access and Ensure Security with Cloud Applications appeared first on Webroot Blog.

Read More How to Stop Shadow IT, Manage Access and Ensure Security with Cloud Applications

aws To keep up with increasing time and productivity demands in software development, it???s important that organizations are staying on top of their digital shifts through rapid technology adoption and the prevention of common snags in application security (AppSec). Developers must be enabled to create quality, secure code from the start of a project through to deployment of the application, which is why automation and integration are must-haves in your DevSecOps program as you make that shift to digital.

The scalability and flexibility that software-as-a-service (SaaS) products provide only help to leap over hurdles that arise during that digital shift. Veracode made the switch to Amazon Web Services (AWS) when it became clear that our customers needed greater flexibility and scalability, and today, we function as an AWS Advanced Technology Partner with DevOps Competency that enables our customers to keep their code secure without disrupting the development process.

With this tech at their fingertips, we???ve seen our customers adopting optimized Static Analysis (SAST) and Software Composition Analysis (SCA) testing within their CI/CD pipelines, integrated through AWS CodeBuild and AWS CodePipeline. Developers are also able to configure scans in the pipeline for quick pass/fail tests on critical security issues once they push their code to a new feature, while also running other vital unit and integration testing processes in CodeBuild, such as policy scans that can guide remediation.

Additionally, with the cloud set up and the right integrations in place, organizations have more room to leverage new technologies that they otherwise wouldn???t have the right environment to integrate. As an example, AWS permits Veracode to architect new solutions using services like AWS Lambda and AWS Key Management Service (AWS KMS); flexibility made possible by the cloud.

To learn more about how Veracode works with AWS to build security into cloud-native developer workflows, read our blog.

Read More Embracing the Digital Shift: Implementing DevSecOps in the Cloud with AWS

Also see NIST Offers Tools to Help Defend Against State-Sponsored Hackers NIST Special Publication (SP) 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of co…

Read More NIST Releases SP 800-172, “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171”