Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2022

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.
View Video
Arctic Wolf

Arctic Wolf Labs Named Open-Source Tool Creator of the Year by SANS Institute

Dec 21, 2022 By Arctic Wolf Labs In Arctic Wolf
“It’s about doing good and doing it exceedingly well.” This was how Daniel Thanos, Head of Arctic Wolf Labs, described the work of Arctic Wolf Labs when accepting the award for Open-Source Tool Creator of the Year, as voted by the SANS Insitute community at the 2022 Difference Makers Awards. This prestigious awards program “honors individuals and teams in the cyber security community who have made a measurable and significant difference in security.”
Read Post
Snyk

Snyk in 30: Open source security for Atlassian Bitbucket Cloud

Dec 15, 2022 By Marco Morales In Snyk

In our latest Snyk in 30, Jason Lane (Director of Product Marketing) and I (Marco Morales, Partner Solutions Architect) showcased Snyk Open Source with a focus on our integration with Bitbucket Cloud. They covered why open source security is vital for modern app development, along with tips on taking a holistic approach to application security that goes beyond just shifting left.

Read Post
veracode

What We've Learned About Reducing Open-source Risk Since Log4j

Dec 7, 2022 By Natalie Tischler In Veracode

I share a birthday with the Log4j event. However, unlike this event, I’ve been around for more than one year. On December 9th, 2021, a Tweet exposed a zero-day vulnerability in Log4j, a widely-used piece of open-source software. The announcement made headlines everywhere, and cybersecurity was suddenly put in the spotlight. It was a wake-up call for many because, in an instant, software that had been considered secure was suddenly at tremendous risk.

Read Post
sysdig

Discovered new BYOF technique to cryptomining with PRoot

Dec 5, 2022 By Biagio Dipalma In Sysdig

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.