Reshift VS Code extension meaningfully pushes security left

Reshift Visual Studio Code extension. Reshift has released a VS Code extension that enables developers to find vulnerabilities in their own custom code and helps them remediate with rich issue descriptions within the IDE. Finding and fixing vulnerabilities in production can cost up to 30x more than earlier on in development. With the Reshift VS […]

How Reshift is Making its Way to Becoming the Fastest Security Scanner

Developers spend on average 50% of their time fixing bugs and addressing technical debt. Tools, development environments, and new languages promise to reduce this; however, they can inadvertently increase the time developers spend fixing bugs. “The cost of debugging, testing, and verification is estimated to account for 50-75 percent of the total budget of software […]

Integrating Container Security Into Your DevSecOps Pipeline Using GitHub Actions

Integrating Container Security Into Your DevSecOps Pipeline Using GitHub Actions. Watch the full webinar: https://youtu.be/4Jd28k3mjrk. Container Security Tools: Docker Bench for Security, Clair, Cilium, OpenSCAP Workbench, Dagda, Notary, Sysdig Falco, Anchore. Integrate security within your […]

Adding Dependency Check Into Your DevSecOps Pipeline Using GitHub Actions

Adding Dependency Checks Into Your DevSecOps Pipeline Using GitHub Actions. Watch the full webinar: https://youtu.be/vpaF2TnjIDw. 3rd Party Dependency Testing Tools: Retire.js: scans a web application for the use of vulnerable JS libraries. Dependency-check: open-source tool from OWASP that supports Java, .NET, JavaScript and Ruby. Snyk: […]

Integrating Dynamic Application Into Your DevSecOps Pipeline Using GitHub Actions

Integrating Dynamic Analysis Security Testing (DAST) Into Your DevSecOps Pipeline Using GitHub Actions. DAST Tools: https://www.zaproxy.org/, https://www.stackhwk.com, https://portswigger.net/burp, https://www.arachni-scanner.com/, https://detectify.com/, http://w3af.org/, https://sectools.org/tool/wikto/, https://github.com/kaakaww/vuln_django_play, https://www.stackhawk.com/blog/scanning-the-damn-vulnerable-web-app-with-stackhawk/

Integrating Static Code Analysis Into Your DevSecOps Pipeline Using GitHub Actions

Integrating Static Analysis Security Testing (SAST) Into Your DevSecOps Pipeline Using GitHub Actions. Watch the full webinar: https://youtu.be/tOiiA79On4k. What is DevSecOps? To fully understand DevSecOps, it helps to learn about the evolution of software development speed and why the DevSecOps practice exists today. Waterfall: Traditionally, Waterfall methodology broke down software development projects into linear, […]

Reshift IntelliJ plugin meaningfully pushes security left

Reshift IntelliJ plugin. Reshift has released an IntelliJ plugin that enables developers to find vulnerabilities in their own custom code and helps them remediate with rich issue descriptions within the IDE. Our mission at Reshift is to empower development teams to shift security left by seamlessly integrating security checks early on at the code development […]

The Current Application Security Problem, Here’s What Our Community Thinks

As developers, security experts, and team leads, we are constantly thinking about or asking how we can avoid the next big data breach. Is the problem really larger than us? Or is this something we as development teams have the power to solve? We took this question to our community, and the result brought us […]

Reshift Security Attracts Global Audience for Security Webinar

As Covid-19 increases remote working and organizational concerns about security, Reshift’s “10 Weeks to Zero Vulnerabilities” webinar series is gathering security experts, software developers and technology leaders from some 17 countries for a weekly tutorial on eliminating software vulnerabilities. OTTAWA, May 15, 2020 – Reshift Security Inc., a Software as a Service (SaaS) start-up that […]

Path Traversal Primer for Java Developers

Path Traversal attacks occur when the user can specify content to be written on the server. An attacker, relying on the application to pass unsanitized data into a file API, could overwrite files containing sensitive information on the host system running the application. The file access operation will most likely inherit the same permissions as […]