Malicious actors are always innovating new ways to hack software, and security controls can feel like a cat and mouse game. And it's not just your software—it's your third party dependencies, too. On the floor of re:Invent, Exaforce's co-founders Ariful Huq and Marco Rodrigues dive into how detection frameworks can help you turn your security from a game of whack-a-mole into a reliable system, and where AI triage fits into security systems. https://lnkd.in/eiaEWzhC
V7
Recently we talked to Travis McPeak of Cursor about the consequence of noisy security tools. He said security is often a "wet blanket" - the team that spoils everyone's fun. That bad reputation isn't just about annoying, noisy alerts. It's the consequence of trying to upgrade every dependency, even if you don't think it's being called. Because unnecessary upgrades increase the risk of introducing instability to the system. And do you think Cursor - the darling of AI code assistants - is willing to put up with security just maybe crashing their service. Lol, no way. That's why Travis looked for a new SCA with reachability analysis, so they could automatically rule out unused dependencies. Endor Labs reduced their findings by 97.5%. Now they can spend their time ensuring upgrades don't introduce breaking changes instead of scrambling to upgrade everything.
Security can't be an afterthought in today's fast-paced development cycles 🚀. Traditional vulnerability scanners struggle to keep up with the volume of open-source dependencies. AI-powered solutions like Snyk's vulnerability scanner are changing the game. Read more: https://lnkd.in/gzcRRcPW #DevSecOps #AIinSecurity #VulnerabilityManagement
UX Polish + Backend Steel 🛡️✨ Big updates just landed in Vappler. We believe security tools should be as intuitive to use as they are reliable under the hood. Our engineering team just shipped a "double feature" release tackling both: 1. Client Workspace Manager v1.1 (Frontend) We’ve completely refactored how you manage client environments. ✅ Unified Experience: We merged create, edit, and view workflows into a single, smart ClientProfileModal. ✅ Secure RPC: All workspace updates now route through a dedicated, hardened RPC endpoint (update_client_workspace), ensuring better data validation and security. ✅ Zero Clutter: Removed redundant legacy components to keep the platform lightweight. 2. Ingestion Pipeline Hardening (Backend) We resolved a complex edge case in our scan ingestion layer to ensure 100% data persistence. ✅ The Fix: Addressed JSON/SQL null handling and RPC contract mismatches that were silently dropping data during high-volume scans. ✅ The Result: Verified end-to-end persistence of 363+ distinct vulnerabilities across multiple asset classes in our latest stress test. Better workflows for your team. Better data for your reports. Click the link to deploy your first scanner: aspidasecurity.io #Vappler #ProductUpdate #VAPT #SaaS #FullStackDevelopment #Cybersecurity #AspidaSecurity
Trivy scans flagging hundreds of CVEs? Most teams fix the wrong ones first Why? Tools report severity, not context. Better approach: Enrich alerts: Add runtime data (is it exploitable in your pods?). Prioritize by exposure: Focus on internet-facing services first. Correlate with configs: Ignore if pod security blocks it anyway. Hypothetically, this slashes false positives by 60% based on benchmarks, speeding compliance. What's one vuln triage myth you see teams fall for? Share below, or DM for insights!
I recently re-read The Cuckoo's Egg by Cliff Stoll. The failures described in the book during 1980s don't feel historical. It feels like we’re still struggling with the same security fundamentals we struggled with decades ago. Back then, attackers succeeded because: - Environments weren't fully understood - Logs were generated but rarely reviewed - Old accounts lingered unnoticed - Trust replaced verification Fast forward to today. Different tools. Same outcomes. We now have automation everywhere. Yet automation still depends on knowing what exists, what's normal, and what should no longer be there. That's the part we assume is handled. But is it? What struck me most this time wasn't how limited the tools were back then. It was how deliberate the observation had to be. Visibility came before tooling, because it had to. Today, tooling often comes first, and visibility is assumed to follow. We've built sophisticated defenses, but somewhere along the way, we stopped asking basic questions. The fundamentals didn't change. We just got better at believing they were already taken care of.
Path Network, Inc’s system responds instantly to anomalies with pre-trained models and adaptive filtering logic, eliminating the need for manual rule updates. - Responds within milliseconds to new patterns - Reduces load on internal security teams - Prevents damage without slowing down traffic #DNS #Anycast #NetworkSecurity #PathNetwork
Claude Cowork is absolutely great and introduces a new level of user engagement with a computer. But, it also introduces significant risk. The code injection attack vector is serious threat, and it is likely to trigger new industry focused on exploiting this. This risk does not affect only average Joes. Example shows how an attack can be well disguised and nearly invisible even for experts. Now imagine this is triggered in some corpo. https://lnkd.in/dhG4_Pyg
Backstage, Path Traversal via Symlink Chains, Critical The resolveSafeChildPath utility function in @backstage/backend-plugin-api is intended to prevent path traversal attacks by ensuring that file operations remain within a specified base directory. However, it fails to adequately validate symbolic links, particularly symlink chains and dangling symlinks. In symlink chains, multiple symlinks are created where each link points to another, eventually resolving to a target outside the allowed directory. The function only checks the immediate symlink target, not the final resolution, allowing bypass....
Thanks for the great conversation Ryan Donovan.