JFrog Taps Partners, Adds Features to Bolster DevOps Platform
JFrog fills gaps in its DevOps platform with new features and partnerships with tool providers to help developers ship secure code and use issue-free open-source code.
RunSafe launched a beta program for developers to try out the Alkemist plugin, as memory corruption-based attacks can be devastating and stopping them is no trivial exercise in most development environments.
“When a determined attacker understands the layout and memory allocations within an application, they can craft targeted exploits to devastating effect,” said Chris Gonsalves, senior vice president of research at The 2112 Group in Port Washington, N.Y. “And they can keep using those attacks as long as the underlying binaries remain the same. What RunSafe does is bring reduced-friction binary hardening to app development.”
RunSafe uses a “moving target approach” that changes the underlying binary in a way that keeps the app’s functionality intact while destroying the effectiveness of previous attacks, Gonsalves said.
“Just when a hacker thinks they know precise location of a buffer overflow vulnerability and how to exploit it, boom, RunSafe’s Alkemist plugin for JFrog users switches things up and effectively neutralizes the attack,” he said. “This is hand-to-hand combat with the bad guys at the binary level. That it can be done with negligible performance overhead and zero change in app functionality makes it an effective and important layer of defense in DevSecOps.”
> Read the entire article, JFrog Taps Partners, Adds Features to Bolster DevOps Platform, at techtarget.com.