Vulnerability

Detect CVE-2020-8555 using Falco

May 29, 2020 By Kaizhe Huang In Sysdig

This CVE is a Server Side Request Forgery (SSRF) vulnerability in kube-controller-manager that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master’s host network (such as link-local or loopback services).

Read Post

Sysdig

Read more about Detect CVE-2020-8555 using Falco

Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

May 25, 2020 By Lamar Bailey In Tripwire

Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be aligned with the metrics and be ready to find the root cause of any misses so that mitigations can be implemented to alleviate this miss in the future.

Read Post

Tripwire

Read more about Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

What Is a Vulnerability Assessment? And How to Conduct One

May 20, 2020 By Abi Tyas Tunggal In UpGuard

Vulnerability assessment is the process of identifying, classifying, and prioritizing security vulnerabilities in IT infrastructure. A comprehensive vulnerability assessment evaluates whether an IT system is exposed to known vulnerabilities, assigns severity levels to identified vulnerabilities, and recommends remediation or mitigation steps where required.

Read Post

UpGuard

Read more about What Is a Vulnerability Assessment? And How to Conduct One

Building Secure Go Projects with Free Vulnerability Scanning in VSC Code

May 19, 2020 By JFrog In JFrog

Go 1.13 introduced important security features to Go Modules including a checksumdb that verifies that your dependencies haven’t been tampered with. While the integrity of the data can be verified this way - Go Modules can still have security vulnerabilities. Join this webinar to watch a technical walkthrough on how to keep your Go Modules secure.

View Video

JFrog

Read more about Building Secure Go Projects with Free Vulnerability Scanning in VSC Code

4. SWAT Onboarding - Outpost24 SWAT Recreation Flow and Explanation

May 18, 2020 By Outpost 24 In Outpost 24

Showing you how much easier it is to understand manually written instructions to help you recreate and understand your vulnerabilities.

View Video

Outpost 24

Read more about 4. SWAT Onboarding - Outpost24 SWAT Recreation Flow and Explanation

3. SWAT Onboarding - Reporting and Filtering

May 18, 2020 By Outpost 24 In Outpost 24

Customize the tool and the reports to suit you and your organization.

View Video

Outpost 24

Read more about 3. SWAT Onboarding - Reporting and Filtering

1. SWAT Onboarding - Event Notification

May 18, 2020 By Outpost 24 In Outpost 24

Initial setup that allows you to get notifications when new vulnerabilities are being reported for your application. This functionality also have integration capabilities that can help your organizations IT-security process.

View Video

Outpost 24

Read more about 1. SWAT Onboarding - Event Notification

5. SWAT Onboarding - Discussion and Verification with Our Security Experts

May 18, 2020 By Outpost 24 In Outpost 24

Once you have resolved your vulnerabilities or have questions about them, this is how you contact the Outpost24 SWAT Team.

View Video

Outpost 24

Read more about 5. SWAT Onboarding - Discussion and Verification with Our Security Experts

2. SWAT Onboarding - Application Overview

May 18, 2020 By Outpost 24 In Outpost 24

See what applications you have in your swat license and how they fair against OWASP top ten and other web application security standards.

View Video

Outpost 24

Read more about 2. SWAT Onboarding - Application Overview

The top 10 most-targeted security vulnerabilities - despite patches having been available for years

May 14, 2020 By Graham Cluley In Tripwire

Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked. This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years.

Read Post