Collaborate Disseminate
I’m trying to find a buffer overflow sample code in Objective-C but the only samples I found are written in C (without “bracket style”).
I understand that Objective-C is based on C, but are there any chance of getting buffer… Continue reading Is Objective C (really) affected by buffer overflows?
I am building an authentication system to be used within a company’s private network. I do not administer this network, and I know very little about the setup, but my basic understanding is you must be on a local machine or VPN in to acces… Continue reading Is this private network authentication system secure?
The common approach to secure user secrets in native applications seems to be storing the secret in keychain and adding an additional layer of protection by way of biometrics/touchId/FaceID.
My questions:
Does adding the ad… Continue reading Securing user secrets in KeyChain vs Keychain+Biometrics
As part of our software procurement process, we’re evaluating the security of applications, e.g. by checking if there are non-addressed vulnerability reports and if the vendor embedded secure requirements into their software … Continue reading How to Perform a Security Review of Apps from Mac App Store
Fresh install, I go to Logitech to get app for my mouse. Popups for driver cleaners etc. Easy to find but one it seems loaded from common files to my services and secure like some are, as not to disable, right. Well I get the… Continue reading Unknown app. Left after getting rid of about 5 others! [on hold]
Are you in an organization implementing Continuous Delivery? Are you a manager who wants to see your applications respond at the pace of the market – or better, be in front of the market? Do you envision a world where updates are available to cust… Continue reading Advancing Application Delivery
How’s that deodorant of yours working? If you wanted to hear yesterday’s presentation you had to crowd in, close — it was standing room only.
Sonatype’s Derek Weeks (@weekstweets) presented at Global AppSec DC. The conference, s… Continue reading A More Secure Web Needs Developers, Defenders, Advocates, and OSS
In today’s world, we know that most security breaches occur because of application vulnerabilities. We also know that most typical software applications are, on average, comprised of 85% open source software. These facts are changing the way… Continue reading New Micro Focus, Sonatype Partnership Provides 360 Degree View of AppSec
About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security vulnerability was detected by scanning tools. That statemen… Continue reading Security Should Stop Being a Drag
I’m using rabbit-mq as the main communication method in my microservices. The names of each queue describe exactly what is the purpose of it. e.g “send-payment”, “send-email” and so on.
Should I consider giving a random name for each que… Continue reading Should I consider naming my AMQP queues randomly?