We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant - Read more
New Feature: Kosli Trails is liveCreate comprehensive audit trails for any DevOps activity - Read more
Search by


Looking for your favourite topic? You're in the right place.

Data Tampering: A Comprehensive Guide

In an increasingly interconnected and data-driven world, where information shapes decisions and fuels innovation, the integrity of data has become paramount. However, lurking beneath the surface is a …

CRLF Injection, Explained: An In-Depth Guide

In this in-depth guide we’ll explore CRLF injection, a web application security vulnerability that can have severe consequences. First, we’ll cover what CRLF injection is, the types of …

This $80m Banking Incident shows that Change Controls don't work

This week I’ve been reading through the recent judgment from the Swedish FSA on the Swedbank outage. If you’re unfamiliar with this story, Swedbank had a major outage in April 2022 that was caused by …

Authentication Failures: Definition, Consequences, and Prevention

Authentication is the security process that verifies a user’s identity in order to grant access to their online account. It also functions as the gateway to your product. It’s a workflow …

Command Injection: A Guide to Types, Risks, and Prevention

Command injection is a kind of cyber attack that allows an attacker to execute arbitrary commands on a system. Attackers accomplish this by exploiting vulnerabilities in an application’s input …

What Is Broken-Access Control? Examples and Prevention

Access control is a security mechanism that regulates who has access to sensitive data, resources, and systems. It ensures that only authorized users can access sensitive data and activities while …

How to automate a secure chain of custody across your pipelines in 5 steps

Imagine you’re a Fintech CTO 🤓 with several teams and tens of microservices. Do you know what’s currently running in prod? How about yesterday? A week ago? Last month? And if you do know what’s in …

Is faster actually safer? How software physics beats human psychology

Sometimes doom-scrolling through Twitter has its rewards. A few weeks ago, in between the Ever Given🚢 memes (how we miss the big boat!) and the usual screams😱 into the void, I came across this tweet …

How to Ensure Software Provenance. Just like Google.

Google has always been a leader when it comes to security culture and their approach to managing a secure development lifecycle is no exception. This article introduces Google’s Binary Authorization …

Ready to ship with more confidence?

Get security and compliance you can trust without slowing down or changing your tools.
Request a demo Start for free
Auditor and Kosli user

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Contact us