
Looking for a Solution that does the following


Question

iampedroNL

I am looking to implement something that contains the features below for my development team.  Please let me know of the solutions that you would suggest.

 

  1. Secure Place
  2. Able to Put in Code Snippets
  3. Able to Save Passwords
  4. Able to Save Licenses
  5. Documentation around the Code
  6. Behind a SSO (SAML/AD/ADFS)
  7. Wiki type of interface
  8. Onsite or Cloud Solution

 

 

goretsky

Hello,

Are you asking for a recommendation as to what to run this on?  Perhaps a network using Microsoft Windows Server 2019 with Active Directory as the server, and clients running Windows 10?  You could probably integrate macOS or Chrome OS, too, if those were in use.

Regards,

Aryeh Goretsky

iampedroNL

I am asking for a solution that has all those features built in for developers to use.

 

So the secure place is optional to making sure it is either on site or SOC II certified.
