December 2021

A Review of Log4Shell Detection Methods

Dec 22, 2021 By The Veracode Research Team In Veracode

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?

Read Post

Veracode

Read more about A Review of Log4Shell Detection Methods

Bug Detectors for log4j Are Now Available in Google's OSS-Fuzz

Dec 22, 2021 By Sergej Dechand In Code Intelligence

To help contain the damages that arise from the log4j vulnerability, Code Intelligence collaborated with Google’s Open Source Security Team. Together, we implemented effective bug detectors for Remote Code Execution Vulnerabilities (RCEs) to Google’s open source fuzzing framework, OSS-Fuzz.

Read Post

Code Intelligence

Read more about Bug Detectors for log4j Are Now Available in Google's OSS-Fuzz

Snyk Code: An Introduction to Dev-First SAST

Dec 21, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Snyk Code: An Introduction to Dev-First SAST

Snyk Code in 2021: Redefining SAST

Dec 21, 2021 By Frank Fischer In Snyk

Starting in early 2021, Snyk Code and became available as a freemium offering for Snyk users. Snyk Code helps developers quickly and accurately find, prioritize, and fix security flaws in proprietary code. With detailed remediation guidance at every stage of the software development lifecycle (SDLC), from the developer’s environment (IDE) to continuous integration and development (CI/CD) pipelines, Snyk Code revolutionizes static application security testing (SAST).

Read Post

Snyk

Read more about Snyk Code in 2021: Redefining SAST

Finding the log4j RCE With Fuzzing

Dec 13, 2021 By Fabian Meumertzheim In Code Intelligence

On December 9th, 2021, the Remote Code Execution (RCE) CVE-2021-44228 in Apache log4j 2 was published and started seeing active exploitation soon after. Since then, development teams have been working hard and tirelessly, trying to fix the issue to prevent (further) damage.

Read Post

Code Intelligence

Read more about Finding the log4j RCE With Fuzzing

Continuous REST API Testing With CI Fuzz

Dec 10, 2021 By Simon Resch In Code Intelligence

CI Fuzz is a platform for automated security testing that aims to enable developers to ship secure software fast. The platform empowers development teams to automatically deploy continuous REST API security tests with each pull request. Since it enables the instrumentation of entire web service environments, CI Fuzz can create test inputs that are guided by code coverage. This enables it to uncover complex vulnerabilities and edge cases that other tools often overlook.

Read Post

Code Intelligence

Read more about Continuous REST API Testing With CI Fuzz

How to Implement Fuzzing for Automotive Software

Dec 10, 2021 By Code Intelligence In Code Intelligence

Get access to the full recording: https://page.code-intelligence.com/automotive-fuzzing

View Video

Code Intelligence

Read more about How to Implement Fuzzing for Automotive Software

Testing Complex Microservices: Corona-Warn-App

Dec 7, 2021 By Code Intelligence In Code Intelligence

This video is an excerpt from a recorded live coding session.

View Video

Code Intelligence

AST
Security

Read more about Testing Complex Microservices: Corona-Warn-App

Fuzzing Embedded Systems With Dependencies for Automotive in 3 Steps

Dec 6, 2021 By Code Intelligence In Code Intelligence

This video is an excerpt from a recorded live coding session.

View Video

Code Intelligence

AST
Security

Read more about Fuzzing Embedded Systems With Dependencies for Automotive in 3 Steps

Testing Microservice Architectures

Dec 6, 2021 By Code Intelligence In Code Intelligence

This video is an excerpt from a recorded live coding session.

View Video

Code Intelligence

Read more about Testing Microservice Architectures

Mocking Embedded Systems With Fuzz Data: The Challenge of Dependencies

Dec 6, 2021 By Code Intelligence In Code Intelligence

This video is an excerpt of a recorded live session.

View Video

Code Intelligence

AST
Security

Read more about Mocking Embedded Systems With Fuzz Data: The Challenge of Dependencies

Fuzz Testing in International Aerospace Guidelines

Dec 2, 2021 By Paul Butcher In Code Intelligence

For obvious reasons, civilian aerospace is steeped in safety regulations. Long-standing international governing bodies mandate and oversee the specification, design, and implementation of civil avionics such that failure conditions that could lead to safety hazards are identifiable, assessed, and mitigated.

Read Post

Code Intelligence

Read more about Fuzz Testing in International Aerospace Guidelines

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2021

A Review of Log4Shell Detection Methods

Bug Detectors for log4j Are Now Available in Google's OSS-Fuzz

Snyk Code: An Introduction to Dev-First SAST

Snyk Code in 2021: Redefining SAST

Finding the log4j RCE With Fuzzing

Continuous REST API Testing With CI Fuzz

How to Implement Fuzzing for Automotive Software

Testing Complex Microservices: Corona-Warn-App

Fuzzing Embedded Systems With Dependencies for Automotive in 3 Steps

Testing Microservice Architectures

Mocking Embedded Systems With Fuzz Data: The Challenge of Dependencies

Fuzz Testing in International Aerospace Guidelines

Monthly Archive

Follow Us