Collaborate Disseminate
Would like to know the difference between Off-The-Shelf Software (OTS Software) and Software of Unknown Provenance (SOUP Software)
Suppose I am developing an application that runs on a medical device, then what I shall be aware of with res… Continue reading What is the difference between OTS and SOUP? [closed]
Is there any framework / security practices model which we can use to protect and monitor Cloud Native Technologies ?
Continue reading Security Protection for Cloud Native Technologies
It’s been an eventful few months in terms of sizable cyberattacks. First, we had the SolarWinds hack, then the Colonial Pipeline ransomware attack made cybersecurity acutely real for millions of people in the U.S. Most recently, the Kaseya ransomware … Continue reading Elevating Web App Security to a National Priority
Each month in 2021, NTT Application Security has been tracking the state of application security and the threat landscape, paying particular attention to the window of exposure (WoE), vulnerability by class and time to fix. Now, six months of data fro… Continue reading As Time to Fix Flaws Ticks Up, Mitigation Efforts Fall Short
Historically, only large, well-established banks had control over the majority of consumer and corporate finances, making it highly challenging for smaller financial services providers to break into the market. Open banking has transformed the way org… Continue reading Securing UX in Open Banking Apps
DOM-based cross-site scripting (DOM XSS) attacks are one of the most prevalent and dangerous web security vulnerabilities. In DOM XSS attacks, malicious code is executed inside the browser, making them particularly difficult to detect and block. G… Continue reading Google fights DOM XSS with Trusted Types
XStream Vulnerabilities — Detection & Mitigation
Looking at RCEs in the XStream Java Library and How you can prevent them
Introduction
XStream from ThoughtWorks is a simple library to serialize and deserialize objects in XML and JSON format. Compa… Continue reading XStream Vulnerabilities — Detection & Mitigation
I am creating an admin panel for my website. I am coding the entire website by myself. What are some essential security features that I should implement so that only I can access the admin panel and no one else?
For those security professionals who work to mitigate enterprise software vulnerabilities, it may often seem like Groundhog Day—patching and mitigating the same types of vulnerabilities over and over again. As a just-released report from crowdsourced … Continue reading Despite Pen Testing Efforts, Stubborn Vulnerabilities Persist
I’m a developer working on an application that supports minimum iOS 10. It concerns me that we are supporting such an old version of iOS but the client wishes to support customers with older iPhones that may not support the latest iOS. I w… Continue reading What are the risks to an app in supporting older iOS versions?