Webinar: Automated infrastructure security with a practical example

Last week we collaborated with DevOps.com to produce our latest webinar: Automated infrastructure security with a practical example. CloudPassage solutions engineer Jenks Gibbons led the discussion by addressing why many security practitioners and engineers believe security is still roadblock within…

Read More

Atlassian Bamboo, CVE-2013-2251, and you

Atlassian reported a security advisory for its Bamboo continuous integration (CI) server software. More specifically, in the third-party Struts 2 / WebWork 2 framework used within the product. The Struts advisory, documented in CVE-2013-2251, states that Apache Struts 2.0.0 through…

Read More

CVE-2013-2028 and nginx/1.4.0: Are You Secure?

On May 7th, Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx. As per the nginx-announce mailing list announcement, “A stack-based buffer overflow might occur in a worker process while handling a specially…

Read More

Creating SVM Exceptions in Halo: Part 2

In the first part of this series, I discussed how false positives can be generated. In this post I’ll walk you through how to create an exception for false positives within Halo so they will no longer be reported.

Read More