When software isn't a "supply"

I was inspired to write this after reading a post from Thomas Depierre on Mastodon. The post touched on something that’s been troubling me recently. When it comes to software security, we spend a lot of time talking about the software supply chain and related concepts, such as the software bill of materials (SBOM). This metaphor comes from an industrial lexicon. People who are used to talking about economies and how manufacturing works are familiar with the idea of supply chain.

The dangers of setattr: Avoiding Mass Assignment vulnerabilities in Python

Mass assignment, also known as autobinding or object injection, is a category of vulnerabilities that occur when user input is bound to variables or objects within a program. Mass assignment vulnerabilities are often the result of an attacker adding unexpected fields to an object to manipulate the logic of a program.

Multiple Critical & Actively Exploited Vulnerabilities Patched in Microsoft's February Security Update

On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited in the wild. These vulnerabilities impact Windows systems and Exchange servers.

Snyk Workflows - Ignores & PR Checks

Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. Do you want your dev teams and AppSec teams to be aligned? The second session of the series digs deeper into using ignore capabilities. You’ll also learn about PR checks. This is a great way to get ahead of permissions.

Stranger Danger: Your Java Attack Surface Just Got Bigger

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

Vulnerability Prioritization - Combating Developer Fatigue

We are in early 2023, and we already have over 2700 new vulnerabilities registered in CVE. It is still a challenge for developers to endure the fatigue of continual vulnerability prioritization and mitigation of new threats. Our findings in the Sysdig 2023 Cloud-Native Security and Container Usage Report provide signs of hope for overburdened developers, as the data showed opportunities to focus remediation efforts on vulnerable packages loaded at runtime.

How to find and fix jQuery vulnerabilities

Using an outdated jQuery library can open up your web application to vulnerabilities. Read more to find out how to find and fix jQuery vulnerabilities. jQuery is among the oldest JavaScript libraries available online. It simplifies your coding and is used by countless websites. But there is an inherent danger that lies with outdated jQuery libraries: they are vulnerable to risks such as cross-site scripting.

Sleepless Nights Due to Malware

This podcast is hosted by Venkatesh Sundar, founder at Indusface, with our guest Kashish Jajodia, CTO at Draup. Kashish learned the importance of cyber security from an interesting experience, which led him to build a robust SaaS application that supports some multi-million dollar customers. In this session, Kashish talks to Venky about how he looks at vulnerability assessment, penetration testing, and application security. What drives Draup to look at application security? Is it for building trust with their customers or compliance needs?

Automated Fuzzing | How You Can Find the Log4j Vulnerability in Less Than 10 Minutes

While most developers rely on unit testing to check whether their application behaves as expected, complementary approaches such as automated fuzz testing let them also check their applications for unexpected or strange behaviors. Such behaviors can lead to crashes that make an application vulnerable to Denial of Service (DoS) attacks, to zero-day exploits, or to Remote Code Execution (RCE) attacks such as the recent Log4j vulnerability.