Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

I Pity the Spool: Detecting PrintNightmare CVE-2021-34527

On Monday, June 21st, Microsoft updated a previously reported vulnerability (CVE-2021-1675) to increase its severity from Low to Critical and its impact to Remote Code Execution. On Tuesday, June 29th, a security researcher posted a working proof-of-concept named PrintNightmare that affects virtually all versions of Windows systems. Yesterday, July 1, Microsoft assigned this flaw a new CVE, CVE-2021-34527.

Secure Coding Practices to Prevent Vulnerabilities in SDLC

Unlocking the Secrets of building a secure app Under 60 Minutes Build a culture of Secure Programming in your engineering team . With the amount of (attempted) security breaches and high paced sprint cycles, securing your mobile applications from day 1 is a driving force to ship applications at speed.

Optimizing software composition analysis for developer workflows with Black Duck Rapid Scan

Black Duck Rapid Scan enables developers to check for security or policy violations without disrupting development process. When the first software composition analysis (SCA) tools made their entrance into the market, their focus was on license compliance. As open source grew in popularity, SCA tools expanded to include vulnerability management, helping to reduce the attack surface for organizations leveraging open source.

5 ways to prevent PHP code injection

Following on from my previous post on testing for PHP Composer security vulnerabilities, I thought this post might be useful in helping create more secure applications that prevent PHP code injection. As developers, we build apps to help make end users’ lives easier. Be it entertainment, workplace or social network application, the end goal is to protect the users we build for by ensuring we build security into the code.

Too Many Vulnerabilities and Too Little Time: How Do I Ship the Product?

The percentage of open source code in the enterprise has been estimated to be in the 40 percent to 70 percent range. This doesn't make the headlines anymore, but even if your company falls in the average of this range, there is no dearth of work to do to clean up, comply with AppSec policies, and ship the product. Phew! So where do you start when it comes to resolving all the vulnerabilities uncovered in your open source libraries?

Difference between Agent-based and Network-based Internal Vulnerability Scanning

Technology evolution is the only constant in our lives these days. Sometimes, an existing approach can go a long way in addressing problems, while other times, a new approach needs to be adopted to get the work done. Let’s talk about vulnerabilities; internal networks and software can be riddled with loopholes, which can expose them to breaches and data leaks, paving the way for hackers to have an easy ride.

Zero Trust Architecture (ZTA) within LEXIS

To ensure Outpost24 stays at the forefront of cybersecurity technology we conduct regular research into new innovations, and LEXIS High Performance Computing (HPC) is one of them. Outpost24 was instrumental in contributing and providing the “Security-By-Design” and “Zero-Trust” principles to creating the secure LEXIS Cloud-HPC-Big Data platform, and in this blog we explore the zero-trust fundamentals for which the LEXIS portal has been designed.

Top vulnerability assessment and management best practices

By implementing these vulnerability assessment and vulnerability management best practices you will reduce the attack surface of your infrastructure. We’re human, and many things we build aren’t perfect. That’s why we take our cars for a periodic inspection, or why we have organizations certifying that products are safe to use. Software is no different.

Vulnerability Management with Sysdig

Software is always changing and improving, and within this process, developers can unknowingly introduce vulnerabilities. Discover how Sysdig Secure provides a single vulnerability management solution for both containers and hosts. It allows you to validate compliance across your whole infrastructure. And it's so easy to deploy, that you will be scanning images and hosts in seconds.