Jinal Desai’s Post

Just passed the GitHub Advanced Security Certification! Did you know only a small percentage of developers hold this certification? Big thanks to the Microsoft Reactor team for the informative webinar, and to Anthony Bartolo & Joylynn Kirui for their insights & the free voucher that helped me achieve this! What are your top tips for improving cybersecurity on GitHub? #githubsecurity #cloudsecurity #devsecops #githubadvancedsecurity Microsoft Microsoft Reactor Anthony Bartolo Joylynn Kirui GitHub Microsoft Learn

🎉 Achievement Unlocked! 🎉 I am thrilled to announce that I have successfully passed the GitHub Advanced Security exam! 🛡🚀' With this certification, I am now better equipped to secure our code repositories, manage vulnerabilities, and ensure robust security practices throughout the development lifecycle. Big thanks to GitHub for providing such a comprehensive and valuable certification. Let's continue to build secure, reliable, and innovative solutions together! 🔐💻 #GitHub #AdvancedSecurity #CyberSecurity #Certification #Tech #DevSecOps

Excited to announce that I have successfully completed the GitHub Advanced Security Certification! Enhancing my skills in DevSecOps, secret scanning, code scanning, and dependabot. #GitHub #Security #GHAS #GitHubAdvancedSecurity #DevSecOps #secretscanning #codescanning #dependabot

View my verified achievement from GitHub. Highly recommend this certificate, will help cybersecurity professionals to work well with developers to build secure software

🚀 Excited to announce that I have earned the GitHub Advanced Security Certification! 🎉Achieving this certification has equipped me with advanced skills in securing software development workflows and protecting code from vulnerabilities.Grateful for the support received throughout this journey. Excited to apply these advanced security practices in future projects!#GitHub #AdvancedSecurity #Certification #Cybersecurity #ProfessionalDevelopment

Attention GitHub Enterprise Server users! A security vulnerability has been discovered that could allow attackers to bypass SAML single sign-on and gain unauthorized access to your servers. This flaw impacts instances using SAML single sign-on with encrypted assertions. While GitHub has released patches to address this issue, the update introduces other problems. Therefore, those using the vulnerable configuration should update immediately and weigh the risks of the new issues. #github #security #vulnerability #SAML https://lnkd.in/d8-QHhbp

GitHub warns of SAML authentication bypass flaw in GHES       GHES ( GitHub Enterprise Server) is a self-hosted version of GitHub . It is being used by organizations which stores repositories on their own servers or private cloud environments. Github warned their user of SAML auth bypass flaw in GHES. This flaw would allow a threat vector to forge a SAML response and gain administrator privileges, providing unrestricted access to all of the instance’s contents without requiring any authentication.   This flaw impacts only those instances utilizing Security Assertion Markup Language ( SAML) SSO with encrypted assertion which protects data against interception ( MiTM attacks)       GitHub has fixed a maximum severity ( CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4985 and fixed in 3.12.4, 3.11.10, 3.10.12 and 3.9.15 versions Ref : https://lnkd.in/gwm7rimW #GitHub #SAML #CVE-2024-4985 #GHES

Attention GitHub Enterprise Server Users, A critical security vulnerability has been identified that may allow attackers to bypass SAML single sign-on and gain unauthorized access to your servers. This vulnerability specifically affects instances using SAML single sign-on with encrypted assertions. GitHub has released patches to mitigate this issue. However, please be aware that the update may introduce other complications. It is imperative for those using the vulnerable configuration to apply the update immediately while carefully evaluating the potential risks associated with the new issues. #GitHub #Security #Vulnerability #SAML

Interesting perspective on GitHub usage. Field practice shows it is indeed the case and it is not a only “code repository” but much more. #SSDLC #AppSec #RiskManagement #Security

GitHub has recently announced a switch from Opt-In to Default for their program that automatically scans public repositories for secrets. If you want to join the discussion, head over to the GitHub Community page (https://lnkd.in/gNxCJi_K). You can also check out the GitHub Blog Post for more information. #SecDevOps #Security #development