5 Reasons Why Mobile Application Security Fails

Traditionally, large organizations and the enterprise have been the focus for hackers and malicious attacks, but in recent years, the rise of sophisticated hacking tools and leaked databases on the dark web, in conjunction with the proliferation of mo…

Researchers aim to improve code patching in embedded systems

Three Purdue University researchers and their teammates at the University of California, Santa Barbara and Swiss Federal Institute of Technology Lausanne have received a DARPA grant to fund research that will improve the process of patching code in vul…

Organizations knowingly ship vulnerable code despite using AppSec tools

Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. Among the top reasons cited for pushing vulnerable code were pressure to meet release deadlines (54%) and finding vulnerabiliti…

Open Source Code: Trojan Horse for Attacks?

On June 2, it was revealed that the Octopus Scanner malware had infected at least 26 open source code repositories on GitHub. Once downloaded, the malware specifically targets the Apache NetBeans Java integrated development environment (IDE), which is …

DevOps productivity series — GitHub for DevSecOps

GitHub & DevSecOps Productivity Tips
This article was originally published at ShiftLeft Blog.
My colleague Andrew Fife wrote about our passion to focus on developer experience and productivity with our NextGen Static Analysis platform. Productivity…

Tech sector job interviews test performance anxiety rather than competence at coding

A study from North Carolina State University and Microsoft finds that the technical interviews currently used in hiring for many software engineering positions test whether a job candidate has performance anxiety rather than whether the candidate is co…

A Boxcryptor audit shows no critical weaknesses in the software

More and more companies, self-employed professionals and private customers are using Boxcryptor to protect sensitive data, primarily in the cloud. Boxcryptor ensures that nobody but authorized persons has access to the data. Cloud providers and their staff, as wel…

Android ‘ActionSpy’ Malware Targets Turkic Minority Group

Researchers warn that the Earth Empusa threat group is distributing the spyware by injecting code into fake and watering-hole pages.

How secure are open source libraries?

Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, Veracode research reveals. Nearly all modern applications, including those sold…