Zero-Day Snafus — Hunting Memory Allocation Bugs

Preface
Languages like C/C++ come with the whole “allocation party” of malloc, calloc, zalloc, realloc and their specialized versions kmalloc etc. For example, malloc has a…

A New Approach to Application Security Testing

If the appsec industry were to develop a better AST solution from scratch, what would it look like?

As software, aka applications, microservices, and workloads, increasingly moves into the cloud, its protection has become paramount. Recent resear…

ShiftLeft Ocular enhancements to help orgs discover business logic flaws faster

ShiftLeft, an innovator in automated application security, announced enhancements to its Ocular solution that empower organizations to discover business logic flaws during application development 10 times faster than manual code reviews. Updates to Ocu…

Protect your legacy and modern applications using a single solution

ShiftLeft adds support for Java Server Pages (JSP) and Java 11

ShiftLeft Inspect, Protect, and Ocular now support Java 11 and JSP. Organizations can now scan, interrogate, and protect their legacy and modern applications using a single solution.

Vulnerability Dashboard: Measure your progress to deliver secure apps

Vulnerability Dashboard: Measure security quality of your releases over time
ShiftLeft is introducing a new Vulnerability Dashboard — a singular view of application security quality metrics including a list of vulnerabilities bas…

RSA Conference announces finalists for Innovation Sandbox Contest 2019

RSA Conference announced the 10 finalists for its annual RSAC Innovation Sandbox Contest. The competition is dedicated to providing innovative startups a platform to showcase their groundbreaking technologies that have the potential to transform the in…

How-to Identify Directory Traversal Vulnerabilities with ShiftLeft Ocular: A Detailed Code Example

How-to Identify Directory Traversal Vulnerabilities with ShiftLeft Ocular: A Detailed Code Example with DeepLearning4j and OpenRefine (CVE-2018-19859)
In one of our most recent blog posts, Chetan Conikee wrote about a directory traversal caused by…