All stories

Considering RASP and Modern Application Security Defense

Are you considering RASP? Certainly many enterprises large and small are so you aren’t alone. Having runtime application self-protection ...
Phillip MadduxPublished on Apr 25

Web Application Security: The New Way Forward

The Web Application Firewall (WAF). It’s tech that never really was. That statement might upset some people reading this — namely those who ...
James WickettPublished on Apr 19

What’s in a Name? RASP Smells like a Rose

“What’s in a name? That which we call a rose by any other name would smell as sweet.”  — William Shakespeare RASP was first defined by ...
Tyler ShieldsPublished on Apr 12

Read this Post, Especially if You Don’t Have Time

  “Time keeps on slipin’ slipin’ slipin’, into the future” — “Fly Like An Eagle”, The Steve Miller Band Your web server’s system time can ...
Phillip MadduxPublished on Mar 29

DevSecOps: Embracing Automation, Letting Go of Tradition

I am all for traditions like Thanksgiving turkey and Sunday afternoon football, but holding onto traditions in your professional life can ...
Tyler ShieldsPublished on Mar 21

Six Reasons Why Application Defense Doesn’t Always Belong at the Edge

CDNs (content delivery networks) were a great invention. Put pieces of content at the edge of the network to speed up distribution and take ...
Zane LackeyPublished on Mar 14

AppSec Program for Startups with Neil Matatall

    We are excited to announce our next Modern Security Series episode. This episode is for anyone that has to deal with appsec but at ...
Signal SciencesPublished on Feb 23

Thanks for making RSA 2017 a huge success

This year there were 43,000 people in attendance at what is the largest security convention of the year, RSA Conference. The attendance is ...
Signal SciencesPublished on Feb 22

Why Logs aren’t Enough for Security

 
James WickettPublished on Feb 09

Meet Signal Sciences At RSA 2017!

Signal Sciences is excited to announce that we are participating in 2017’s upcoming RSA Conference, held February 13–17 at Moscone Center ...
Kooper MacleayPublished on Feb 07

Thanks for Joining us at AppSec California

Signal Sciences participated in another wonderful year at one of our favorite (and only) beach front conferences, AppSec California. It was ...
Kooper MacleayPublished on Feb 02

Deploy Secure Apps With Signal Sciences and Pivotal Cloud Native Platform

Expanding customer support for the modern web, Signal Sciences today announced the availability of our leading Next Generation Firewall ...
Signal SciencesPublished on Jan 31

Next up on the Modern Security Series: DevOops: Redux

DevOps toolchains are transforming Modern IT, but hackers can undermine their benefits through poorly implemented or vulnerable DevOps ...
Signal SciencesPublished on Jan 24

Using Signal Sciences with Kubernetes

One of the questions I hear regularly from customers is how to include Signal Sciences with some of the new technologies they are using to ...
Douglas CoburnPublished on Jan 19

AppSec California Happy Hour

  Signal Sciences is joining forces with BugCrowd at AppSec California 2017. 
Signal SciencesPublished on Jan 17

Listening To Web Attacks

There are numerous ways to monitor attack and anomaly activity with Signal Sciences. Integrating with third-party tools like Slack, ...
Px MxPublished on Jan 13

We Found These 7 Gems in the Archives

Well the new year is already in full swing and we are excited about it over at Signal Sciences.  As we finished last year we reviewed some ...
James WickettPublished on Jan 06

Tidal Forces and Security Disruption

  I just finished reading a wonderful piece by top notch analyst and thought leader, Rich Mogull entitled “Tidal Forces: The Trends Tearing ...
Tyler ShieldsPublished on Jan 06

A Review of the Modern Security Series

Wow, 2016 was a busy year over at Signal Sciences, we doubled the size of our team, helped dozens of major customers defend their web ...
James WickettPublished on Jan 03

Six Security and Tech Predictions for 2017

Here at Signal Sciences, we have had a great 2016, and we are gearing up for an even greater 2017. We did a round-up across the team to ...
Signal SciencesPublished on Nov 18

Sharing Threat Information with HoneyDB

Running honeypots to collect information is great. Running honeypots to collect and share information is awesome. HoneyDB is a simple web ...
Px MxPublished on Nov 03

Signal Sciences + Movember

Signal Sciences is proud to be partnering with Movember this November in several ways. We are providing web application defense for ...
Signal SciencesPublished on Nov 01

Getting Started With HoneyPy — Part 3

In my last post, Getting Started With HoneyPy — Part 2, I covered honeypot services and HoneyPy’s service profiles. In this post, I’ll ...
Px MxPublished on Oct 27

All Day DevOps Conference on Nov 15th

All Day DevOps (http://www.alldaydevops.com/) is happening on November 15th, 2016. It’s a 100% online conference that is free to attend. ...
Signal SciencesPublished on Oct 26

Getting Started With HoneyPy — Part 2

source In my last post, Getting Started With HoneyPy — Part 1, I covered getting HoneyPy up and running with the very basic default ...
Px MxPublished on Oct 20

Top Ten Tweets of AppSecUSA 2016

AppSecUSA 2016 wrapped up last week. To recap the event, we have captured what we think are the Top 10 tweets of from the event. We had a ...
Signal SciencesPublished on Oct 18

Modern Security Series: Dangers of DevOps Monotheism with Jim Manico

Don’t miss this event, register here > https://signalsciences.com/resources/dangers-of-devops-monotheism/ For our seventh episode in the ...
Signal SciencesPublished on Oct 17

Getting Started With HoneyPy — Part 1

In my last post, Introduction to HoneyPy & HoneyDB, I covered the basics of honeypots and provided a brief introduction to HoneyPy. In this ...
Px MxPublished on Oct 11

Understand Your Risk with Data

Unmodified Original Comic : Scott Adams The operative word in the definition of risk is potential. Potential implies a gradient; shades of ...
Tyler ShieldsPublished on Oct 06

Hacking the Hard Way at the DerbyCon CTF

DerbyCon in Louisville is one of those conferences that you have to go back to every year. While the conference hosts a ton of great talks, ...
Px MxPublished on Oct 03

Team Member Feature: Erin Shea

Erin Shea — Team Member at Signal Sciences For our first “Team Member Feature” it only seems logical to speak with the first employee of ...
Signal SciencesPublished on Sep 27

It’s Conference Season

It’s that time again…we’ve sent our kids back to school, football season has started, and now we’re gearing up for conference season. If it ...
Signal SciencesPublished on Sep 23

Cracking Security Misconceptions Book is now out!

Cracking Security Misconceptions I’m excited to announce the release of the newest O’Reilly security ebook entitled Cracking Security ...
AndrewPublished on Sep 20

Why You Should Be AuditDing with Ryan Huber

ryan huber joins Signal Sciences’ Lunch and Learn series this month! register here For our sixth episode in the series, we are pleased to ...
Signal SciencesPublished on Sep 16

Top 5 AppSec Defense needs in the Modern Era

Spinning the Top 5 AppSec Defense needs in the Modern Era, Casey Kasem style. The world has been doing AppSec for years now. In fact, lots ...
James WickettPublished on Sep 13

All Day DevOps Conference coming at You!

CFP and registration is now open > http://alldaydevops.com/ I am excited to announce the All Day DevOps conference happening in November. ...
James WickettPublished on Sep 09

How I vim for golang and more!

At Signal Sciences we use golang for just about everything. I thought I would write a little about my local vim setup and doing go ...
James WickettPublished on Sep 06

The Top 10 Tweets of DevOps Days Chicago

The Top Ten Tweets of DevOps Days Chicago! We loved DevOps Days Chicago. It was a great event with 400+ people. This was the first DevOps ...
Signal SciencesPublished on Sep 02

Introduction to HoneyPy & HoneyDB

Last week, I discussed HoneyPy and HoneyDB at Blackhat and Defcon. This week I wanted to dive a bit deeper into the projects.
Px MxPublished on Sep 01

HoneyPy at Arsenal and Demo Labs

At this year’s Black Hat & Def Con there were a few firsts for me, and it was probably one of the best experiences I’ve had at these ...
Px MxPublished on Aug 23

Safely Removing the Last Roadblock to Continuous Delivery with Shannon Lietz

Sign up to attend this episode of Signal Sciences’ Lunch and Learn Series > ...
Signal SciencesPublished on Aug 17

Blackhat and Defcon… It’s a wrap!

The Signal Sciences’ cabana at Blackhat Last week, we brought the Signal Sciences crew to Blackhat and DEF CON. For the uninitiated, this ...
Signal SciencesPublished on Aug 09

Security & Steak: Family Dinner at Signal Sciences

All gather round for some seriously good paella. Thanks, Chef  Brian! As Virginia Woolf wisely wrote: “one cannot think well, love well, ...
Erin SheaPublished on Aug 02

It’s SWAG TIME!

SUMMER SWAG WITH SIGNAL SCIENCES We are just getting into the heart of conference season for 2016, and with that comes the latest and ...
Tyler ShieldsPublished on Jul 26

Feedback Loops: Seeing the Invisible (Part 2 of 2)

Seeing the Invisible In our last article we discussed feedback loops and taking a defensive thinking approach. We identified three key ...
James WickettPublished on Jul 21

The Signal Sciences Culture

Strategery at its best. This week at the Signal Sciences’ HQ, we’re running one of our bi-annual company-wide events. With all the remote ...
Jennie DuongPublished on Jul 20

Lunch & Learn Series: AppSec Use Cases. What The Hell Is The Difference Between NGWAF, WAF, and RASP?

July 28, 2016 — Lunch & Learn Webinar with Signal Sciences Another Signal Sciences’ Lunch and Learn Series is happening this month! It’s a ...
Signal SciencesPublished on Jul 14

Feedback Loops: Seeing the Invisible (Part 1 of 2)

Seeing the Invisible Seeing the invisible. When it happens in your personal life, it might be a sign you are running low on water or maybe ...
James WickettPublished on Jul 13

Kubernetes and Security Rewind with Matt Johansen

be kind, rewind… check out our recording https://signalsciences.com/resources/kubernetes-security-webinar/ Last week we were very fortunate ...
Signal SciencesPublished on Jul 07

Speed up your Cadence with Continuous Delivery

deliver faster by going smaller  source How fast you can deliver software has earned bragging rights in the DevOps world for some time now. ...
James WickettPublished on Jun 30

Adding Security into the DevOps Culture

celebrate together —  source The importance of culture cannot go underemphasized in DevOps. In a movement that is transforming the lives of ...
James WickettPublished on Jun 24

How Rugged Influences Infrastructure as Code

Last week, we released a model on DevOps and the transformation that happens in these four key areas:
James WickettPublished on Jun 21

A Reference Model for DevOps

The world needs a reference for collecting common DevOps principles and practices that are currently being used. To that end we’ve created ...
James WickettPublished on Jun 16

Lunch & Learn Series: Sk8ting on Thin Ice: Crash Course in Kubernetes and Security

Another episode of Signal Sciences’ Lunch and Learn Series is happening this month! The Lunch and Learn Series is a webinar series geared ...
Signal SciencesPublished on Jun 14

The Future is Now for DevOps and Security

the future is here now This is the fourth and final installment of the Future of DevOps and Security Series. Glad you made it!
James WickettPublished on Jun 07

From the LA Times: To stop hackers, Signal Sciences thinks like them

This week, the Los Angeles Times featured an article on the front page of the business/tech section on Signal Sciences. We were flattered ...
Signal SciencesPublished on Jun 02

Why I Joined Signal Sciences

After spending 15 plus years of my career in large enterprise environments, and most of that time focused on information security and risk ...
Px MxPublished on May 31

The Flow of Continuously Delivered Security

the future… it probably wont look like this ( source) Continuous Delivery meets Security and magical things happen. It’s in this brave new ...
James WickettPublished on May 24

InfoSec 201: Dealing with Test Environments

Testing your application is important to your business, securing your testing is important to your integrity [This is the first article in ...
▚ ▛ ▙ ▙▟ ▛▂Published on May 20

Avoiding the Dystopian Road in Software

the future… it probably won’t look like this. image credit Security is a largely unchanged area in IT over the last 10 years and is ripe ...
James WickettPublished on May 18

Lunch & Learn Series: AppSec Pipelines — Taking the best of Agile, DevOps and CI/CD into your AppSec Program

Another Signal Sciences’ Lunch and Learn Series is happening this month! It’s a webinar series geared for practitioners. Every month we are ...
Signal SciencesPublished on May 12

The Next Frontier of DevOps: Security

the future! it probably wont look like this…  source Security is the next frontier of DevOps. Its a largely unchanged area in IT over the ...
James WickettPublished on May 10

Classy up your curl with curl-trace

We don’t always curl.. but when we do, we curl-trace. image source Here at Signal Sciences we enjoy the finer things in life. We enjoy ...
James WickettPublished on May 05

Rugged DevOps: Making Invisible Things Visible

You might already know them from theagileadmin.com, but let me introduce you to two of the leading minds in the Rugged DevOps movement: ...
Signal SciencesPublished on Apr 26

Bug Bounties and NGWAF: 1 + 1 = 3

Return on Investment—ROI. Sales departments have to show it, marketing departments have to show it, and of course, security departments do ...
Signal SciencesPublished on Apr 22

Lunch and Learn Series: Building a Modern Security Organization

The Signal Sciences’ Lunch and Learn Series is starting this month. It’s a webinar series geared for practitioners. Every month we are ...
Signal SciencesPublished on Apr 19

Why Services Are Eating The UNIVERSE!

This post was originally published November 2, 2015. Debatably, it has only improved in accuracy since then.
Tyler ShieldsPublished on Apr 14

More Silo Smashing Ideas, bringing InfoSec and DevOps together

Silo Smashing! (source http://ports.co.za/admin/large/image-587.jpg) Last week I wrote an article on InfoSec’s new mandate to smash silos ...
James WickettPublished on Apr 05

The Legacy WAF Status Quo: User Expectations Are Changing

sta·tus quo - stādəs ˈkwō/ - noun the existing state of affairs, The “existing state of affairs” is changing in the web application ...
Brian GreenePublished on Mar 29

InfoSec’s New Mandate: Silo Smashing and Feedback Loop Amplification

Photo Credit: MSNBC Media I have reached the age where friends are getting roles like CISO or Director of Security or Senior Architect. All ...
James WickettPublished on Mar 24

Lean Security: Add Business Value without Bringing Waste

Just a screenshot, scroll down for the real video! This presentation was given at DevOps Connect: Rugged DevOps at RSAC by Signal Sciences’ ...
Signal SciencesPublished on Mar 22

The Rehabilitated Security SDLC

How is it that as we, as security practitioners, refuse to think differently about how we secure our applications? For the better part of ...
Tyler ShieldsPublished on Mar 17

Silver Lining for Miles: DevOps for Building Secure Solutions

  Zane Lackey and @andrewbecherer Andrew Becherer (DataDog) and Zane Lackey (Signal Sciences) gave this talk at the DevOps Connect: Rugged ...
Signal SciencesPublished on Mar 15

InfoSec Confession: We protect the wrong things and we slow everything down

One of the secrets of InfoSec is that while we are spending a lot of resources on security professionals, security technology and ...
James WickettPublished on Mar 10

A Recap of DevOps Connect: Rugged DevOps at RSAC 2016

First, I would like to give a big “thank you” to the organizers of DevOps Connect: Rugged DevOps at RSAC 2016. I applaud the team for ...
James WickettPublished on Mar 08

We’re not your typical vendor.

After two years of heads down product development and eight months of general release, I’m excited to announce the public launch of Signal ...
AndrewPublished on Feb 25

Meet the Signal Sciences Team @ RSA Conference 2016

Come hang with the Signal Sciences team at the RSA Conference!!! RSA Conference 2016 February 29 — March 4 | San Francisco, CA
Signal SciencesPublished on Feb 18

The Elusive Unicorn of the New AppSec

As the brainchild of the development and operations departments of your business, DevOps is the unicorn of your domain. Why? Like the ...
Tyler ShieldsPublished on Feb 16

Video: James Wickett at GOTO London

James Wickett, Sr. Engineer at Signal Sciences, gave this talk at GOTO Conference in London last fall and the videos were made public just ...
Signal SciencesPublished on Feb 09

Four Steps Towards Better Incident Response

Incident Response: 95% boredom and 5% sheer terror At one point in my career, I was an incident response (IR) handler for one of the ...
Tyler ShieldsPublished on Feb 05

Business is from Mercury, and Security is from Pluto

Pluto https://twitter.com/creativecommons/status/621081819845259264 It’s hard to ignore Mercury. Mercury at a searing 800 degrees zips ...
Signal SciencesPublished on Feb 02

WAF Jeopardy — Why DevOps and Product teams hate Web Application Firewalls (and how to pick one that they’ll love)

Welcome to WAF Jeopardy — Where you have the answers and we ask the questions! Here’s some security jeopardy for you:
Max AndersonPublished on Jan 27

Replay: Nick Galbreath at GOTO London

Nick Galbreath, CTO of Signal Sciences, spoke at GOTO Conference in London last fall and the videos were made public just a few weeks ago. ...
Signal SciencesPublished on Jan 13

Security Visibility: If You Can’t See ’Em, You Won’t Stop ‘Em!

Brought to you by Signal Sciences.
Tyler ShieldsPublished on Jan 11

What security experts need to know about DevOps and continuous delivery

There are a lot of terms thrown around in modern IT and software engineering organizations DevOps, continuous delivery and build pipelines ...
James WickettPublished on Jan 07

Security in an Agile and DevOps World

Recently I was able to join a panel for SecCasts Live hosted by Ken Johnson (@cktricky) at nVisium.
James WickettPublished on Dec 18

Rugged Software Engineering from LASCON

I may be a little biased because I co-founded the conference back in 2010, however, one of my favorite conferences is the Lonestar ...
James WickettPublished on Dec 11

Welcome to the Signal Sciences Labs!

While running security engineering at Etsy we were often faced with the fact that security products on the market didn’t solve the real ...
Signal SciencesPublished on Dec 10