Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
March 2023
Level Up Your Unit Tests: How to Turn a JUnit Test into a Fuzz Test
Unit tests are indispensable to check and prove that our code functions properly. But in unit testing, we only test the scenarios that we are aware of. However, there are scenarios unknown to us that lead to security vulnerabilities or performance problems. To address these scenarios, you can add fuzz tests in order to effectively find security, reliability, and even logic bugs in your code.
Top 9 Methods for API Testing in Java
Java is widely used for developing web applications and relies heavily on APIs (Application Programming Interfaces). Therefore, API testing is a critical practice, as it ensures seamless functionality, compatibility, security, and performance while facilitating integration and simplifying debugging.
Code Intelligence Uncovers Expression Denial of Service Vulnerability in Spring - CVE-2023-20861
Affected applications are at a higher risk of severe availability issues.
Production-safe DAST: Your secret weapon against threat actors
Production-safe DAST with WhiteHat Dynamic enables critical security scans in the software production environment. Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested.
Expression DoS Vulnerability Found in Spring - CVE-2023-20861
As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.
CI Rewind - Historical Vulnerabilities in the Automotive Space
Join our CI Rewind and Learn how to Identify and Fix Common Bugs in Automotive Software In this replay of his talk at FuzzCon Europe - Automotive Edition 2022, CARIAD's Andreas Weichslgartner shows how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development. He revisits historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software.
Mend SAST Administration - User Interface Walkthrough
Mend SAST is a SAST (Static Application Security Testing) solution for performing deep and extensive security analysis of application source code. Mend SAST is easy to use, requires almost no user input, and can be deployed during or after development with easy integration into a DevOps environment and CI/CD pipeline. The solution provides an excellent way to automate code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. Mend SAST supports all major languages and their frameworks, from Android Java to Xamarin C#.
11 Tips for Unit Testing in Java
Unit testing is an important part of software development and is considered a crucial step in ensuring the quality and accuracy of the code. It helps in identifying bugs and issues early on in the development cycle, which ultimately results in delivering high-quality software. Java is renowned for being one of the most versatile languages in programming, and it offers a wide selection of unit testing frameworks and tools.
Static analysis + penetration testing = More than the sum of their parts
Static analysis + penetration testing delivers a powerful punch in any software due-diligence effort. In the world of tech merger and acquisition (M&A) transactions, timing is everything. It’s important for prospective buyers and investors to understand as much of the target’s software assets’ security, quality, and legal posture as possible in a brief amount of time. This drives the need to conduct multiple assessments on a target’s code simultaneously.
We are open sourcing our SAST solution!
For the last two years, we’ve been quietly building a new kind of static application security testing (SAST) solution that allows security and engineering teams to assess, prioritize, and remediate security risks and vulnerabilities in their code by what matters most - sensitive data. Today, we are officially announcing its release as an Open Source project, Bearer.
CI Rewind - Introduction to JavaScript Fuzzing
JavaScript is widely used in backend and frontend applications that rely on trust and good user experience, including e-commerce platforms, and consumer-apps. Fuzz testing helps secure these applications against bugs and vulnerabilities that cause downtime and other security issues, such as Crashes, Denial-of-Service (DoS) and Uncaught Exceptions. In this session, you will learn about.