In today’s digital world, it’s more important than ever to ensure that your personal cyber security is up to date. With the ever-growing number of threats on the internet, it’s essential to take the necessary steps to protect yourself and your data.
The first step in protecting yourself is to be aware of the threats that exist. The second step is to use the right tools to protect yourself. There are many different types of cyber threats, such as malware, phishing, and ransomware.
The need to protect your software and to be updated about vulnerabilities is getting stronger. JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project. It works with Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. Xray provides great visibility into issues lurking in components anywhere in your organization and there are many cases where you wish to get notified on a security violation (or a license breach) directly to Slack.
Getting Started
We will use Xray’s Webhooks to define our server’s and base on the policies/rules our Webhook will be notified with the alerts about violations (security or licenses).
The trend of #DevSecOps is growing fast and it is no longer just part of your security team. More and more organizations wish to integrate their security team in all the phases of development and operations. To achieve it, there are cases where you need to export data from JFrog Xray (in our case to a CSV format) so you can ingest it to your current logging/monitoring system.
What is Xray?
In a nutshell, JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to more trust in your software.
By scanning binary components and their metadata, recursively going through dependencies at any level (think on the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.
Xray API
One of the best parts is that JFrog Xray is also fully automated through a rich REST API. We will use it to create this Exporter. Please feel free to clone/fork the code below and use it, but remember you might need to add pagination and a watchdog for a real system.
The trend of DevSecOps is not new but it’s growing fast. More and more organizations wish to integrate their security team in all the phases of development and operation.
Many security products keep your code safe from vulnerabilities at different stages (dev, test, qa and prod). However, JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project.
JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to (more) trust in your software. By scanning binary components and their metadata, recursively going through dependencies at any level (think on the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.
One of the best parts is that JFrog Xray is also fully automated through a rich REST API that lets it integrate with a CI/CD pipeline and allows other binary analysis tools to build on its unique capabilities.
Change all your website’s links from HTTP to HTTPS so that search engines are notified and users will get the HTTPS version.
Go have a drink.
Why?
You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. It might be a malicious attacker or legitimate (but intrusive) companies, such as ISPs or hotels that inject ads into pages. Your users will think that your site is ugly or worst because they can’t tell who is doing what to the pages.
If you care about your users, always protect them and serve them with HTTPS. It will also prevents intruders from being able to passively listen in on the communications between your website and your users. Another benefit we gain from HTTPS is the ability to work with new powerful web platform features: Continue reading →
There are two types of common forms that you see every day on (almost) every website: Sign-up and Sign-in. If you want to improve your users experience and allow them to fill these forms quickly and efficiently, this post is for you.
You can help ensure that browsers’ password management functionality can understand your site’s sign-up, sign-in. All it take is a ‘touch’ of a change for your password forms by enriching your HTML with a bit of metadata.
RC4 is a stream cipher designed in 1987 that has been widely supported across browsers and online services for the purposes of encryption. Multiple vulnerabilities have been discovered in RC4 over the years, making it possible to crack within days or even hours.
It’s good news that all the major browsers are going to drop it and move forward to a better cipher.
Ido Green 