Collaborate Disseminate
Right now, live events may be on hold or canceled altogether, but that’s not stopping the DevSecOps community from gathering…
The post Announcing DevSecCon24 2020: You Can Join In From Home! appeared first on ZeroNorth.
The post Announcing … Continue reading Announcing DevSecCon24 2020: You Can Join In From Home!
Increased application and software usage heighten security concerns amongst consumers The past few months have placed digital transformation into overdrive, with consumers gravitating toward distance-enabling technology and applications more than ever … Continue reading Survey: Nearly Half of Americans Refusing or Unlikely to Opt-In to COVID-19 Contact Tracing Apps
Since 2017, I’ve reported in our annual State of the Software Supply Chain Report that the average time between an open source vulnerability being announced and subsequently exploited was three days. We saw this exploit time with Equif… Continue reading SaltStack: 20 Breaches Within Four Days
A few weeks ago, we wrote about the differences in SCA and SAST tools. While you can’t really compare the two, for most organizations, software composition analysis (SCA) is likely the best place to start. We also mentioned if you do choose … Continue reading Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution
what can be the harms that may come to an organisation if they do not take appropriate precautions before conducting a penetration test and what would be the negative impacts that could occur?
According to me, The key here is use virtuali… Continue reading precautions before conducting a penetration test
In 2020, there are a lot of applications which have a web interface as well as “desktop apps.” Such applications are either the same in functionality or very close. Three examples of this situation are the Slack, Discord, and Keeper Securi… Continue reading What are the general security implications behind using a web app vs its equivalent desktop app?
I’m in a discussion with Information Security team about a legacy Desktop Application accessing a SQL Server database directly using LINQtoSQL.
The Information Security team insists that there are many security vulnerabilities in a Deskto… Continue reading Desktop App with SQL Server security issues
In recent years, the application security (AppSec) field has not advanced as rapidly as the software development discipline. While developers are under constant pressure to push code, legacy security tools inhibit their ability to do so. Developers fac… Continue reading Traditional AppSec Code Halts Kill DevOps Release Cycles
This is a summary of Judy Johnson’s talk “The Science of Compliance: Early Code to Secure Your Node”. Watch the entire presentation below.
We’re here to talk about the science of compliance. We’re going to answe… Continue reading The Science of Compliance: Early Code to Secure Your Node
We are considering to add the following feature to our web application (an online product database, if it matters):
Instead of uploading an image, the user can provide the (self-hosted) URL of an image. We store the URL instead of the im… Continue reading Security risks of fetching user-supplied URLs