SOUMYADIP DEY’s Post

🎉 Achievement Unlocked! 🎉 I am thrilled to announce that I have successfully passed the GitHub Advanced Security exam! 🛡🚀' With this certification, I am now better equipped to secure our code repositories, manage vulnerabilities, and ensure robust security practices throughout the development lifecycle. Big thanks to GitHub for providing such a comprehensive and valuable certification. Let's continue to build secure, reliable, and innovative solutions together! 🔐💻 #GitHub #AdvancedSecurity #CyberSecurity #Certification #Tech #DevSecOps

View my verified achievement from GitHub. 🚀 Exciting Update! 🚀 🎉 Thrilled to announce that I've earned the GitHub Advanced Security certification! 🎓 This achievement validates my expertise in applying software supply chain security patterns and practices with GitHub Advanced Security in the enterprise. 💻 🔒 I'm now equipped to configure and use secret scanning, dependency management, and code scanning, as well as utilize CodeQL for code scanning. Plus, I can describe best practices, interpret results, and take corrective measures with GitHub Advanced Security tools. 💪 💼 Ready to leverage these skills to fortify codebases, enhance security measures, and contribute to creating safer digital ecosystems. Let's connect and collaborate! 🌟 #GitHub #AdvancedSecurity #Cybersecurity #DevOps #DevSecOps #GHAS

🚀 Elevate Your Code Security with GitHub Advanced Security (GHAS) 🛡️ In today’s digital landscape, security is non-negotiable. Whether you’re a startup or an enterprise, safeguarding your code from vulnerabilities is crucial. That’s where GitHub Advanced Security (GHAS) comes in. 🔍 Key Features: Code Scanning: Identify and address vulnerabilities in your code early in the development process. GHAS automatically scans your repositories, providing real-time alerts and actionable insights. Secret Scanning: Ensure sensitive information, like API keys and credentials, is not exposed. GHAS scans for secrets and alerts you before they become security risks. Dependency Review: Stay informed about potential vulnerabilities in your dependencies. GHAS helps you manage your open-source dependencies and ensures they’re secure. By integrating these advanced security features into your workflow, you can focus on innovation, knowing your code is secure. #GitHub #CyberSecurity #DevSecOps #SoftwareDevelopment #GitHubAdvancedSecurity

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials https://lnkd.in/dmtEatqq #Infosec #Security #Cybersecurity #CeptBiro #GitHub #Vulnerability #Credentials

Have you trained developers on security topics? I'd love your feedback on my latest blog post. I break down the economics of secure-by-design, and why training devs makes sense. #cybersecurity #appsec #cloudsecurity

A critical vulnerability was found in the GitHub Enterprise Server (GHES) tracked as CVE-2024-4985 (CVSS score: 10.0), this is our hashtag #CVEOfTheWeek for this week. The issue could permit unauthorized access to an instance without requiring prior authentication. ⚠ This vulnerability has been categorized as critical and has a CVSS score of 10/10. GHES is a self-hosted platform for software development and this platform allowing organizations to store and build software using Git version control. The issue impacts all versions of GitHub Enterprise Server prior to 3.13.0 and has been addressed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability could allow an attacker to bypass authentication protections. On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature the attacker could forge a SAML response, this method provisions the attacker to gain access to a user with administrator privileges. ✅ GitHub has rolled out fixes to this vulnerability and organizations that are using a vulnerable version of GHES are recommended to update to the latest version to secure their platform. This vulnerability reported via the GitHub Bug Bounty program. For more information please visit the GitHub's official documentation: 👉 https://lnkd.in/evrzysGf hashtag #WhiteHatSeries hashtag #Cybersolutions #informationsecurity

I have successfully completed the GitHub Advanced Security (GHAS) course, enhancing my skills in securing software development workflows and repositories on GitHub. This comprehensive course has equipped me with advanced knowledge in: Code Scanning: Utilizing automated code scanning to detect security vulnerabilities early in the development process. Secret Scanning: Implementing best practices for identifying and removing exposed secrets from repositories. Security Advisories: Managing security advisories to stay informed about vulnerabilities affecting dependencies. #GitHubAdvancedSecurity #GHAS #SoftwareSecurity #GitHub #Cybersecurity #InfoSec #DeveloperSecurity https://lnkd.in/g4kCTans #github.

GitHub has released patches to fix a critical vulnerability in GitHub Enterprise Server (GHES) that could enable attackers to bypass authentication mechanisms. GHES is a self-hosted platform for software development that supports Git version control and automates deployment pipelines for organizations. The flaw identified as CVE-2024-4985 with a CVSS score of 10.0, allows unauthorized access to an instance without prior authentication. The vulnerability affects all GHES versions before 3.13.0 but has been resolved in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. According to GitHub Docs release notes, "On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges." GitHub further clarified that encrypted assertions are not enabled by default. Consequently, the flaw does not impact instances that do not use SAML single sign-on (SSO) or those that use SAML SSO without encrypted assertions. Encrypted assertions enhance the security of a GHES instance by encrypting messages from the SAML identity provider (IdP) during authentication. Organizations using a vulnerable GHES version are advised to update to the latest version to mitigate potential security risks. #github #security #vulnerability #cybersecurity #bizserveit

🛡️ “Prevention First” is crucial for organizations, requiring a proactive rather than reactive approach. Despite significant budget allocations, companies remain vulnerable to threats and often time pay heavy prices in data breaches, ransom, etc. 🧮 Depending on company size, the number of security products and solutions can range from dozens to hundreds. Most organizations have a 1:100 ratio of AppSec to developers, by running an AppSec pipeline separate from the developers' pipelines. 🔐 GitLab's DevSecOps approach integrates security into the Software Development Life Cycle, covering SCA, SAST, DAST, container scanning, dependency scanning, and more. With “GitLab Duo”, vulnerabilities can be automatically identified, addressed, and remediated early in the process. https://lnkd.in/dFRS_w73 #CISO #Security #DevSecOps #Cybersecurity #DevOps

I found a great explanation of unsafe reflection at https://lnkd.in/gMxWUW7n