In this new Cybersecurity Research Center series, we analyze the OWASP Top 10, which is a list of the most common vulnerabilities in web applications. In application security, the Open Web Application Security Project (OWASP) Top 10 list is a valuable resource for DevSecOps teams that oversee the development and security of web applications. The OWASP Top 10, updated every four years, lists the most common vulnerabilities in web apps based on a consensus among contributors from the OWASP community.

A look in the rearview can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. Yes, ‘tis the season when cyber security experts gaze into the crystal ball to tell us what to expect in the coming year, which is fine, but it’s also good to look in the rearview at a year that will be over next week, both for what happened but also for what it all might mean and what we can learn from it.

Seeker IAST helps organizations achieve continuous testing without creating friction in DevOps pipelines. In traditional security, developers run tests for code security and operators ensure that firewalls and other protections work in the production environment. Access control and other tasks are handled by security experts and managers. DevSecOps uses version control and CI/CD pipelines to configure and manage security tasks automatically, across all teams, before deployment.

With an average of 500 components in an application, it’s difficult to know what’s in your software. The right security tools and expertise are here to help. A software Bill of Materials (SBOM) is an inventory of what makes up a software application: the “ingredients list” of everything in it. There’s pressure today for companies to make SBOM information available, and it has implications for who is liable when there are issues in the software.

CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483 are remote code execution vulnerabilities in three popular mouse and keyboard apps.

See examples of custom and variant licenses and how Black Duck Audits flag these licenses to help legal teams evaluate software risk. An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code.

Black Duck Security Advisories provide more-accurate information on vulnerable software version ranges to help customers get more out of NVD data.

CRED, a fintech company and BSIMM member since early 2022, underwent a BSIMM assessment to benchmark their security processes. CRED, launched in 2018, provides financial services and lifestyle features, and has been a member of the BSIMM community since early 2022. CRED provides a wide variety of product offerings from lifestyle to personal finance.

Learn about the key takeaways from the “Software Vulnerability Snapshot” report, which examines security issues uncovered in web and mobile apps.