WhiteSource acquires DefenseCode and Xanitizer to enter into the SAST market

WhiteSource announced the company’s expansion into custom code security following two recent acquisitions and the availability of its static application security testing (SAST) solution. To accelerate the company’s SAST vision, WhiteSource completed tw…

A look at the 2021 CWE Top 25 most dangerous software weaknesses

The 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common issues experienced over the previous two calendar years. These weaknesses are risky because they are many times easy to find…

GitHub envisions a world with fewer software vulnerabilities

After five months in beta, the GitHub Code Scanning security feature has been made generally available to all users: for free for public repositories, as a paid option for private ones. “So much of the world’s development happens on GitHub that s…

DefenseCode’s SAST ThunderScan solution now available as a GitHub Action

DefenseCode Group has announced that DefenseCode’s Static Application Security Testing (SAST) ThunderScan solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages providing detailed vulnerability repor…

How do I select an application security testing solution for my business?

Software-related issues continue to plague organizations of all sizes, so IT leaders are turning to application security testing tools for help. Since there are many types of programs available on the market, choosing one is not a straightforward proce…

New infosec products of the week: April 24, 2020

Trustwave Security Colony delivers resources, playbooks and expertise to bolster security posture

Trustwave Security Colony is based on thousands of hours of actual consulting projects helping organizations implement new information security programs a…

New infosec products of the week: August 24, 2018

DefenseCode announces free edition of their Web Security Scanner

DefenseCode Web Security Scanner is a DAST (Dynamic Application Security Testing) product for testing security of live web sites and web applications. All security scanning and vulnerabil…

Researchers uncover major security vulnerabilities in ICS mobile applications

IOActive and Embedi researchers found 147 cybersecurity vulnerabilities in 34 mobile applications used in tandem with SCADA systems.

Proof-of-concept Attack on Victim HMI Panel View

According to the researchers, if the mobile application vulnerabilitie…

Defeating Magento security mechanisms: Attacks used in the real world

DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future patches. In light of these findings, this article describes examples of several attacks used in the real world that combine common vulnerabilities with faulty security mechanisms in Magento, leading to an unfavourable outcome. Examples will be aimed at Magento 2, but most of them can be applied …