Hi/5: Minimum Viable Secure Product, Bandit, Sigstore and more

Security Journey's hi/5

02-12-2021 • 2 mins

Minimum Viable Secure Product

Minimum Viable Secure Product is a minimalistic security checklist for B2B software and business process outsourcing suppliers.

How to Secure Python Web App Using Bandit

Bandit is a tool developed to locate and correct security problems in Python code. To do that, Bandit analyzes every file, builds an AST from it, and runs the appropriate plugins against the AST nodes. Once Bandit has finished scanning all of the files, it generates a report.
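To make the parse-then-run-plugins model concrete, here is an added illustration (not Bandit's own code or plugin API): a toy scanner that parses a constructed Python snippet into an AST, runs three hypothetical plugins over every node, and produces a report.

```python
import ast
from dataclasses import dataclass

@dataclass
class Issue:
    line: int
    severity: str
    message: str

# Each plugin inspects one AST node and returns an Issue or None (a hypothetical plugin shape, not Bandit's own API).
def check_eval(node):
    # eval()/exec() execute whatever string they are handed
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) \
            and node.func.id in ("eval", "exec"):
        return Issue(node.lineno, "MEDIUM", f"use of {node.func.id}()")
    return None

def check_shell_true(node):
    # shell=True hands the argument to a shell: command injection if the argument is untrusted
    if isinstance(node, ast.Call):
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return Issue(node.lineno, "HIGH", "call with shell=True")
    return None

def check_hardcoded_password(node):
    # a string literal assigned to a name containing 'password'
    if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) \
            and isinstance(node.value.value, str):
        for t in node.targets:
            if isinstance(t, ast.Name) and "password" in t.id.lower():
                return Issue(node.lineno, "LOW", f"possible hardcoded password in '{t.id}'")
    return None

PLUGINS = [check_eval, check_shell_true, check_hardcoded_password]

def scan_source(source, plugins=PLUGINS):
    # Bandit's loop in miniature: parse the file to an AST, run every plugin on every node
    tree = ast.parse(source)
    issues = [i for node in ast.walk(tree) for p in plugins if (i := p(node)) is not None]
    return sorted(issues, key=lambda i: i.line)

def report(issues):
    lines = [f"line {i.line}: [{i.severity}] {i.message}" for i in issues]
    return "\n".join(lines + [f"{len(issues)} issue(s) found"])

# constructed sample source with one instance of each pattern (line numbers are relative to the snippet)
SAMPLE = 'import subprocess\ndb_password = "hunter2"\ndef run(cmd):\n    subprocess.call(cmd, shell=True)\ndef calc(expr):\n    return eval(expr)\n'
if __name__ == "__main__":
    print(report(scan_source(SAMPLE)))
```

Real Bandit ships many more plugins and a severity/confidence model, but the scan loop is the same shape: one AST per file, every plugin consulted per node, findings collected into a report.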

Explain Sigstore to me like I am five

Sigstore provides an easier way to seamlessly issue and validate signatures from constituent dependencies, including base images, all the way to the final deployed application artifact.

Threat Matrix for CI/CD Pipeline

This is an ATT&CK-like matrix focused on risks specific to CI/CD pipelines.

Malware Found in NPM Package with Millions of Weekly Downloads

A massively popular JavaScript library, UAParser.js (npm package), was modified with malicious code that downloaded and installed a password stealer and a cryptocurrency miner on systems where the compromised versions were used.
