TL;DR Fuzzing JavaScript is easy now In this post, we introduce you to our new open-source fuzzer for the JavaScript ecosystem, Jazzer.js. Jazzer.js is a coverage-guided, in-process fuzzer for the Node.js platform. It’s based on the experience we gathered developing its namesake Jazzer, our fuzzer for the JVM platform. Internally, Jazzer.js uses libFuzzer as a solid industry-standard engine and brings many of its instrumentation-powered mutation features to JavaScript.

In a perfect world, software developers would not only have an innate understanding of security but be able to create bulletproof code from the get-go.

In the context of hybrid work, the threat of data loss is rampant. Cybersecurity systems that were once designed to operate within the confines of a network perimeter have become obsolete, with employees using various devices, networks, and applications to get their work done. As such, it’s easier than ever for companies to be vulnerable to the loss of sensitive data. So, what’s the solution? Recently, Digital Guardian published The Definitive Guide to DLP: 2021 Hybrid Work Edition.

Since working on a spreadsheet, you and your team have come a long way. You’re enjoying the ease of working in TrustOps because it automates control mapping, test creation, and evidence workflows. However, you’re looking for ways to save a bit more time, so you can focus on your day job and growing list of priorities. Collecting evidence to validate compliance controls takes time and affects your team’s productivity, including HR, IT, and DevOps.

Globally, the cyber threat level to organizations remains high and the current situation only serves to highlight this further. To this point, any organization that has substantial gaps in its cybersecurity capabilities is operating at risk, and when the threat landscape changes, as it has now, so we become more aware of the vulnerabilities that we have carried for some time and the need for better Cyber Threat Intelligence.

The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the introduction of tangible federal legislation. Plus, the Federal Trade Commission (FTC) is positioned to act on rulemaking like never before.

During many recent security incidents, we hear a lot of messages about the lack of knowledge of the code dependencies, attacks to the software supply chain, Software Bill of Materials (SBOM), digital signatures, provenance, attestation, etc. The fact is, every time a new vulnerability appears in the landscape, we usually need to spend a lot of time and effort to detect the real impact on the applications and services that are running in our environment.

Managing individual business risks is difficult when silos exist. An enterprise risk management (ERM) framework consolidates risk management strategy across an entire organization, enabling better visibility, measurement, and management of business objectives. With a unified focus on addressing risk, compliance teams can universally improve regulatory compliance, governance, and risk management processes.

Mobile app security testing is expensive, and that’s a fact. For instance, a single quality penetration test costs around $20,000-$30,000. But do you essentially have to pay this high for the service? Mobile app development companies are cutting costs because of the economic meltdown or investors pulling out. And this could make it hard to set aside tens of thousands of dollars just for penetration testing, right? Moreover, without the right budget, how would you manage app security? Solution?