Using 3rd party libraries in Secure Software Development (OWASP Dependency check)

By

Comments

Post a Comment

Popular posts from this blog

Cross Site Request Forgery attacks mitigation

By
Image
Secure Software Systems Author - Viraj Dissanayake Ø Introduction              This article will be focusing on the understanding of the CSRF and the implementation of the mitigating these kind of attacks. Ø Cross site request forgery              Before moving on to the Overview of CSRF attacks, make sure to have a clear idea of these terms Ø Web applications             Web applications are the main target of CSRF attacks             Web applications are services which exposed by organizations on the internet             Most of the web applications rely on three components §   The client – throughout this article we consider the browser as the client §   The web server – forward the client requests to the application server §   The backend – a database Ø Client side HTTP methods(GET/POST)              GET – The most common request sent by the browser to request for content. All the parameters are send in query parameter        
Read more

Splunk ES CI/CD pipeline

By
Image
Splunk Cloud CI/CD pipeline - GitOps   Dev stage     Workflow   When the co nfigurations get pushed to a feature branch or to the dev branch , the Jenkins pipeline get triggered . This would send a notification to the developer in the MS Teams channel acknowledging that the build process has been started.   The pipeline will execute the stages relevant to dev changeset. this includes running validations and generating changelogs .   The generated reports get send to the developer via MS Teams channel.   The changelog report includes the details about the changes that would take effect on Splunk staging environment (When changes get committed to staging branch).     W hen you push configurations to feature/dev branch Pipeline runs to execute terraform plan, but nothing is applied to any environment.   ( e . g : I f the developer places/remove s the Splunk app he’s developed from the Splunkapps /deployer-apps directory and pushes the changes in to a feature branch it will
Read more