#devsecops

OWASP Foundation (@owasp@infosec.exchange)
2025-06-04

Exciting news! 🌟 Be part of the action at #OWASP Global #AppSec USA in Washington, DC this November. ✨ Showcase your expertise and apply to speak at this fantastic event. Seize the opportunity to shine - submit your proposals here: sessionize.com/owasp-global-ap 🎤 #infosec #AI #devsecops

2025-06-04

.NET versioning drama? Linux symlink sagas? 🤯 These can lead to scanner FPs/FNs! We explore how Syft & Grype tackle these complexities for more accurate results. Lessons from the trenches: anchore.com/blog/false-positiv
#SBOM #DevSecOps

Finite State (@FiniteState)
2025-06-04

Many organizations say they integrate security into CI/CD. But gaps remain:
⚠️ No policy enforcement
⚠️ ignored
⚠️ Vulnerabilities slip through

We're breaking down how product security leaders can scale maturity. Take a look 👉 finitestate.io/blog/devsecops-

JAVAPRO (@javapro)
2025-06-04

"Works on my machine" isn't API design. Muaath Bin Ali explains how APIs can fail in production — & how 11 simple can make them secure, scalable & future-proof!

Read: javapro.io/2025/06/04/best-pra

Richard Chamberlain (@SebosTech)
2025-06-04

Tried integrating ROS2 on Oracle Linux with SELinux—no go.
Switched to AppArmor on Ubuntu—easier, yes. Effective? Not quite.

colcon and AppArmor don’t play well together. Turns out, AppArmor’s simplicity can limit it in complex dev environments.

Here’s my story, what didn’t work, and where I’m heading next:
🔗 richard-sebos.github.io/sebost

Boosts appreciated if you think secure ROS2 needs better tooling. 🧵

2025-06-04

Critical weaknesses in open-source ecosystems exposed by 6-year npm package evasion. Can AI agents be trusted with end-to-end development? #AI #DevSecOps #OpenSource #Cybersecurity

saysomething.hashnode.dev/ai-a

JAVAPRO (@javapro)
2025-06-03

“It won't happen to me.” That's what , & thought. Jonathan Vila walks you through the top hidden flaws still lurking in production code & how to shut the doors before it's too late.

Get smart: javapro.io/2025/04/29/top-secu

2025-06-03

Malicious RubyGems posing as Fastlane plugins were caught hijacking Telegram API data. If you use Fastlane with Telegram integration, check for suspicious packages and rotate your bot tokens now. Stay vigilant! #cybersecurity #devsecops redteamnews.com/red-team/malic

George stevengeorge801
2025-06-03

🎯 Preparing for the Certified Kubernetes Security Specialist (CKS) exam?
🔐 Master Kubernetes security and boost your cloud native skills!

I’ve written a detailed blog covering:
✅ What’s in the CKS exam
✅ Key domains & tips
✅ How to prepare effectively

📖 Read it here: bit.ly/4knIgLR

Finite State (@FiniteState)
2025-06-02

Verizon's is sounding the alarm on software supply chains.

Over on the blog, Larry's breaking down how Finite State arms you against the threats in the DBIR. Take a look 👉 finitestate.io/blog/dbir-2025-

Özkan Pakdil 🦖 (@thejvmbender@techhub.social)
2025-06-02

#MCP is everywhere, here is a #PostgreSQL one

github.com/crystaldba/postgres

I wonder what kind of stories we will hear. I find MCP very useful, but at the same time having an LLM around tooling can be dangerous.

My suggestion is "input sanitization" and Keep It Simple, meaning do not give more than necessary functionality to MCP. Stay safe.

#DevSecOps #Security
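The two pieces of advice in this post, a tool surface no larger than necessary and input sanitization in front of it, can be made concrete as a pre-check layer in front of a database-backed MCP tool. The Python below is an added example and is not code from the crystaldba/postgres project linked above; the tool names `list_tables` and `query_readonly`, the `run_query` executor, and the allowlisted table names are assumptions made for the illustration.

```python
"""Least-privilege pre-check for a database-backed MCP tool (added example; not
the crystaldba/postgres project's code). Assumes a hypothetical two-operation
tool surface and an executor that already runs under a read-only database role."""
import re

# The entire tool surface exposed to the model. Keeping it this small is the
# "do not give more than necessary functionality" part of the advice.
TOOL_SURFACE = frozenset({"list_tables", "query_readonly"})

# Only these statement kinds may lead a query.
_ALLOWED_LEADING = ("select", "with")
# Keywords refused anywhere in the statement, even inside a CTE or subquery.
_DENIED = frozenset({
    "insert", "update", "delete", "drop", "alter", "create", "truncate",
    "grant", "revoke", "copy", "do", "call", "execute", "into",
    "pg_read_file", "pg_read_binary_file", "pg_ls_dir", "lo_import", "lo_export",
})

# Literals and comments are blanked before any keyword check, so a quoted value
# such as 'drop table' is not mistaken for SQL structure, and a comment cannot
# smuggle structure past the check either.
_LITERAL_OR_COMMENT = re.compile(
    r"'(?:[^']|'')*'|\$\$.*?\$\$|--[^\n]*|/\*.*?\*/", re.DOTALL)
_WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")
# CTE names ("WITH x AS (", ", y AS (") are not tables and must not trip the allowlist.
_CTE_NAME = re.compile(r"(?:\bwith\b|,)\s*(?:recursive\s+)?([a-z_]\w*)\s+as\s*\(")


def validate_readonly_query(sql: str, allowed_tables: set[str]) -> tuple[bool, str]:
    """Pre-check a model-supplied query before it reaches the database.

    This is defence in depth, not the primary control: the executor is assumed
    to use a read-only role with a statement timeout. Returns (ok, reason)."""
    body = _LITERAL_OR_COMMENT.sub(" ", sql).strip().rstrip(";").strip()
    if not body:
        return False, "empty query"
    if ";" in body:
        return False, "multiple statements are not allowed"
    lower = body.lower()
    words = _WORD.findall(lower)
    if not words or words[0] not in _ALLOWED_LEADING:
        return False, "only SELECT / WITH statements are allowed"
    denied = sorted(set(words) & _DENIED)
    if denied:
        return False, "denied keyword(s): " + ", ".join(denied)
    cte_names = set(_CTE_NAME.findall(lower))
    # Every identifier that follows FROM or JOIN must be an allowlisted table
    # (a derived table "FROM (SELECT ..." or "JOIN LATERAL" is skipped here).
    referenced = set()
    for i in range(len(words) - 1):
        if words[i] in ("from", "join") and words[i + 1] not in ("select", "lateral"):
            referenced.add(words[i + 1])
    unknown = sorted(referenced - set(allowed_tables) - cte_names)
    if unknown:
        return False, "table(s) not in allowlist: " + ", ".join(unknown)
    return True, "ok"


def handle_tool_call(name: str, args: dict, allowed_tables: set[str], run_query):
    """Dispatch one model-issued tool call; anything outside TOOL_SURFACE is refused."""
    if name not in TOOL_SURFACE:
        return {"error": f"unknown tool: {name}"}
    if name == "list_tables":
        return {"tables": sorted(allowed_tables)}
    sql = str(args.get("sql", ""))
    ok, reason = validate_readonly_query(sql, allowed_tables)
    if not ok:
        return {"error": reason}
    return {"rows": run_query(sql)}


if __name__ == "__main__":
    # Constructed stand-in for a real executor; returns fixed rows offline.
    def fake_run_query(sql):
        return [(1, "alice@example.invalid")]

    tables = {"users", "orders"}
    print(handle_tool_call("list_tables", {}, tables, fake_run_query))
    print(handle_tool_call("query_readonly",
                           {"sql": "SELECT id, email FROM users WHERE id = 1"},
                           tables, fake_run_query))
    print(handle_tool_call("query_readonly",
                           {"sql": "SELECT 1; DROP TABLE users"}, tables, fake_run_query))
    print(handle_tool_call("drop_table", {"name": "users"}, tables, fake_run_query))
```

The keyword and allowlist check is deliberately the second line of defence: the first is the database role the executor connects with, which should lack write privileges and run with `default_transaction_read_only` and a `statement_timeout` set, so that a query the pre-check misses still cannot modify data or run for hours.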

OWASP Foundation (@owasp@infosec.exchange)
2025-06-02

OWASP Global AppSec US 2025 is happening Nov 3–7 in Washington, D.C.!

Join 800+ cybersecurity pros for hands-on training, expert-led sessions across 6 tracks, and plenty of networking.

🎤 Keynote speaker Adam Shostack, a leader in threat modeling and secure-by-design strategies. You won't want to miss him!

🎟️ Register Here: owasp.glueup.com/event/131624/

#OWASP #GlobalAppSecUS #Cybersecurity #ThreatModeling #DevSecOps #Hacking #AppSec2025 #WashingtonDC

Tanya Janca | SheHacksPurple (@SheHacksPurple@infosec.exchange)
2025-06-02

We also discuss Dustin’s new venture, Katilyst (twp.ai/9PSKjV), a new startup focused on empowering engineering teams to take ownership of security in a practical, scalable way.

#RSAC2025 #SecurityChampions #Katilyst #AppSec #DevSecOps

2/2

2025-05-31

Remember those pesky cross-ecosystem FPs? 😅 Or when symlinks made us scratch our heads? We're spilling the tea on how the team tackled false positives (and the move to GHSA that helped BIG time!). Dive in: anchore.com/blog/false-positiv
#OpenSource #DevSecOps

Sentinel Security (@SntlSecurity)
2025-05-30

Shifting left on security isn't just a buzzword, it's essential. ➡️ Integrating security testing throughout the with practices helps catch vulnerabilities early, saving time & resources.

2025-05-30

AI Coding Assistants Can be Both a Friend & a Foe

New research shows that GitLab's AI assistant, Duo, can be tricked into writing malicious code and even leaking private source data through hidden instructions embedded in developer content like merge requests and bug reports.

How? Through a classic prompt injection exploit that inserts secret commands into code that Duo reads. This results in Duo unknowingly outputting clickable malicious links or exposing confidential information.

While GitLab has taken steps to mitigate this, the takeaway is clear: AI assistants are now part of your attack surface. If you’re using tools like Duo, assume all inputs are untrusted, and rigorously review every output.

Read the details: arstechnica.com/security/2025/

#AIsecurity #GitLab #AI #PromptInjection #Cybersecurity #DevSecOps #CISO #Infosec #IT #AIAttackSurface #SoftwareSecurity #CISO

OWASP Foundation (@owasp@infosec.exchange)
2025-05-30

Join 800+ AppSec professionals, developers, and decision-makers in Washington, DC this November.

Sponsorship & exhibitor spots are open now—our Silver Package and Lanyard Sponsorship are already sold out!

✅ Boost brand visibility
✅ Connect with industry leaders
✅ Be part of the trusted OWASP community

👉 Register & Learn more: owasp.glueup.com/event/131624/

#OWASP #AppSecUSA2025 #Cybersecurity #Sponsorship #Exhibit #InfoSec #DevSecOps #WashingtonDC

2025-05-29

Tired of vulnerability scanners crying wolf 🐺 or missing the mark? Our latest blog dives into the world of false positives & negatives, sharing real lessons from the trenches and how scanning is getting smarter. Read on: anchore.com/blog/false-positiv
#DevSecOps #VulnerabilityScanning

2025-05-29

Secure Docker image builds in CI: a step-by-step guide

Hi Habr! I'm Sasha Lysenko, lead secure-development expert at K2 Cybersecurity. There are now plenty of tools for automating routine tasks, and everyone is moving in that direction to save resources and get fast results. In DevOps, introducing CI/CD pipelines speeds up development and application deployment and shortens time to market. Automation is an indispensable process today, but it also opens convenient loopholes for cyber threats. Far from everyone thinks about who is given which access and what consequences that can have, so without cybersecurity taken into account, additional risks of incidents appear here. In this article I walk step by step through an example of building Docker images in GitLab CI pipelines, balancing the security of automated development against the speed of the process.

habr.com/ru/companies/k2tech/a

#кибербезопасность #информационная_безопасность #devops #devsecops #разработка_приложений #деплой #docker_образы #gitlab_ci #безопасная_разработка #безопасная_разработка_приложений

Xygeni Security (@xygeni)
2025-05-29

We're at @owasp Global AppSec EU 2025 as a Golden Sponsor! 🎉
Stop by Booth G-02 to see how Xygeni helps you and with our new AI AutoFix. Grab some awesome merch & let's talk!

[Image: Xygeni Security Team at OWASP Global AppSec EU]

Server: https://mastodon.social