OWASP Top 10 in 2021: Insecure Design Practical Overview
Insecure design is #4 in the current OWASP top Ten Most Critical Web Application Security Risks.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
OWASP Top 10 in 2021: Software and Data Integrity Failures Practical Overview
Software and Data Integrity Failures is #8 in the current OWASP Top Ten Most Critical Web Application Security Risks.
OWASP Top 10 in 2021: Server-Side Request Forgery (SSRF) Practical Overview
Server-Side Request Forgery is #10 in the current OWASP Top Ten Most Critical Web Application Security Risks.
An Introduction to the Snyk Team pricing plan
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
WhiteSource Cure: Automated Remediation for Developers
Keeping up with today’s rapidly evolving threat landscape is an ongoing battle for software development organizations, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery.
CIS Control 07: Continuous Vulnerability Management
When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control 07 provides the minimum requirements, table stakes if you will, for establishing a successful vulnerability management program.
23andMe's Yamale Python code injection, and properly sanitizing eval()
JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that’s used by over 200 repositories. The issue has been assigned to CVE-2021-38305.
The Vulnerability Conundrum: Improving the Disclosure Process
The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated. In this blog we’ll look at the vulnerability disclosure process, the parties involved and how they can collaborate productively.
How to better secure user authentication protocols
In March 2021, cybersecurity researcher Le Xuan Tuyen discovered a security bug in Microsoft Exchange Server. The vulnerability, dubbed ProxyToken, lets attackers bypass the authentication process to access victims’ emails and configure their mailboxes.
Alice in Windowsland: 3 ways to escalate privileges and steal credentials
Read how our red team used different attack techniques to hack AppLocker restrictions by implementing escalated privileges and reusing the Credentials Manager to extract stored data and Azure information.