Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

.NET

securitysenses

Best Practices for Cybersecurity in .NET Applications

Jul 17, 2024 By SecuritySenses In SecuritySenses
In today's digitally interconnected world, cybersecurity is not just a priority-it's a necessity. For developers working with.NET applications, ensuring robust security measures can protect sensitive data, maintain user trust, and prevent costly breaches. Here are the essential best practices for enhancing cybersecurity in.NET applications. Keeping your.NET applications updated is crucial for maintaining security. For example, migrating from.NET Core 3.1 to.NET 6 can bring significant security enhancements and performance improvements.
Read Post

Uncover vulnerabilities in C# applications using Coverity Rapid Scan Static | Synopsys

Jul 11, 2024 By Synopsys In Synopsys
In this video you will discover how Coverity’s Rapid Scan Static Analysis can help developers find and fix vulnerabilities in their code early in the development cycle by providing quick feedback on the most impactful issues. This new update in the Coverity 2024.6.0 release highlights how developers can run quick scans for C# applications via the Coverity Rapid Scan Static engine; returning quick and accurate static analysis results related to issues such as deserialization, hardcoded secrets, unsafe API calls, single-file data flow, etc. at record speeds.
View Video
SecurityScorecard

Securing Samba Ports: Essential Practices for Safeguarding Your Network

May 1, 2024 By SecurityScorecard In SecurityScorecard
In the vast and interconnected world of information technology, the security of network services and protocols is paramount for organizations of all sizes. Among these, Samba—a free software re-implementation of the SMB/CIFS networking protocol—plays a crucial role in facilitating file and print services across various operating systems, including Unix, Linux, IBM System 390, and Windows.
Read Post
Snyk

.NET developers alert: Moq NuGET package exfiltrates user emails from git

Aug 9, 2023 By Liran Tal In Snyk

On August 8, 2023, the.NET community was informed that the testing library called Moq exfiltrates developer's emails from their development machine and sends them off to third-party remote servers. Snyk has already published a security advisory and will alert developers who scan and monitor their.NET projects with Snyk.

Read Post
jfrog

New .NET Malware "WhiteSnake" Targets Python Developers, Uses Tor for C&C Communication

Apr 24, 2023 By Andrey Polkovnychenko In JFrog

The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for cross-language malware attacks.

Read Post
jfrog

Attackers are starting to target .NET developers with malicious-code NuGet packages

Mar 20, 2023 By Natan Nehorai In JFrog

Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the NuGet repository other than spam packages used for spreading phishing links. As with other repositories, the JFrog Security Research team regularly monitors the NuGet repository for malicious packages, including manual analysis of suspicious code.

Read Post
Snyk

Best practices for containerizing .net applications

Aug 31, 2022 By Marcelo Oliveira In Snyk

Containerization with Docker has become a major trend in web application development that many.NET developers have adopted. There are many compelling advantages for developers and DevOps engineers to containerize.NET applications, even when working with the older.NET Framework 4.x versions. However, if we don’t know how to use containers properly, we’ll experience little benefit from them.

Read Post
sysdig

Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence

Jun 3, 2022 By Alberto Pellitteri In Sysdig

A new zero day vulnerability actively exploited in the wild has been found in Atlassian Confluence. The vulnerability CVE-2022-26134 affects all supported versions of Confluence Server and Confluence Data Center allowing an unauthenticated user to run arbitrary commands remotely. The Atlassian team confirmed the vulnerability with an official tweet and then also published a security advisory to update its customers.

Read Post
Featured Post
crowdstrike

Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework

May 10, 2022 By Adrian Justice In CrowdStrike
The CrowdStrike Falcon OverWatch™ proactive threat hunting team has uncovered a sophisticated .NET-based post-exploitation framework, dubbed IceApple. Since OverWatch's first detection in late 2021, the framework has been observed in multiple victim environments in geographically distinct locations, with intrusions spanning the technology, academic and government sectors.
Read Post
Snyk

Announcing automated fixes for vulnerabilities in .NET dependencies

Nov 17, 2021 By Daniel Berman In Snyk

We’re pleased to announce improved support for.NET applications in Snyk Open Source, allowing developers to fix vulnerabilities in.NET dependencies with the help of actionable advice and automated pull requests! As of the time of writing, NuGet, the Microsoft-supported and de-facto standard package manager for.NET, has 276,266 unique packages, downloaded on average more than a billion times a week!

Read Post
Subscribe to .NET

Copyright © 2024 OpsMatters™. All rights reserved.