A 600+ strong online community of developers and security professionals. Join us Fridays at 12PM EST for exercises and discussions on the latest tools and DevSecOps practices.
Friday February 5th @ 12PM EST
In this session we go over 6 ways to help ensure security is integrated within the Development lifecycle without delaying release deadlines.
📅 Every Friday @ 12PM EST | October 23 – Nov 6
Injection attacks are very common in JavaScript due to how the language works. During this webinar we will go over the different types of injection attacks and the different ways of mitigating them.
XSS is one of the most common vulnerabilities in general, but it is even more prominent in JavaScript-based stacks due to the increased attack surface. Although Angular and React are doing better in terms of mitigations, there are still a few places that need attention if you are using these frameworks.
Prototype pollution is the latest security pain in the JavaScript ecosystem. Prototype pollution can sometimes lead to arbitrary code execution, sanitizer bypass and a slew of other vulnerabilities. Additionally, we are going to tackle denial of service in JavaScript and how to mitigate it.
We'll discuss best practices and modern tools, hear from experts who have had success building security into their development pipeline, and have a live Q&A period.
We will integrate checks for git secrets and dynamic application security testing (DAST) into the pipeline, hear from our guest StackHawk, and wrap up with a live Q&A period.
We will discuss the top dependency check tools for your pipeline, walk through exercises, integrate dependency checks within your IDE, and have a live Q&A period.
We will discuss topics related to containers and container security. We will integrate a free container security tool, and integrate and demo Snyk for container security.
Occurs when untrusted data is sent to an interpreter as part of a command or query which can execute unintended commands or access unauthorized data.
A result of inadequately developed login pages, authentication logic, backdoor, custom session management or authentication scheme.
Attackers steal keys, execute man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s client.
A light-weight code security tool built for developers to code securely, fix quickly, and deploy fast.