CVE-2018-11776 and why you need Black Duck Security Advisories

In August I wrote about a new Apache Struts vulnerability that affected Struts 2.3 and Struts 2.5. Apache Struts, an open source framework for developing web applications, is widely used by enterprises worldwide, including (at least at one point i…

Securing containers at scale

Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be…

Struts flaw, SAST, IAST, DAST & RASP primer, hacking planes, ATMs, and water heaters

We wind up the month of August with stories on the latest Apache Struts hack—bad news, if you remember Equifax—and what you need to do now to protect yourself. Plus news on plane, ATM, and even water heater hacks, and a primer on what to lo…

A test hack, don’t let Ghostscript haunt you, and a helpful hacker

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Not a real hack, but may…

CVE-2018-11776—The latest Apache Struts vulnerability

About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018…

Facing off with Google, Snap out of it, and Password protection

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Facing off with Google, …

Google Upspin Secure File-Sharing Released to Open Source

New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.