Beating the OWASP Benchmark

This post is an update to a previous research post authored by ShiftLeft’s Chief Scientist, Fabian Yamaguchi (https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b1601031). In the last article, he evaluated ShiftLeft’s static analysis tool agains…

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million. Cycode’s […]

Managing Open Source Vulnerabilities

When you test your code, are you really testing all of it?
It seems impossible to write software without using open-source components. A single “import package” can mean thousands of lines of code added to an applicat…

Okta launches a new free developer plan

At its Octane21 conference, Okta, the popular authentication and identity platform, today announced a new — and free — developer edition that features fewer limitations and support for significantly more monthly active users than its current free plan. The new ‘Okta Starter Developer Edition,’ as it’s called, allows developers to scale up to 15,000 monthly […]

Testing platform Tricentis acquires performance testing service Neotys

If you develop software for a large enterprise company, chances are you’ve heard of Tricentis. If you don’t develop software for a large enterprise company, chances are you haven’t. The software testing company with a focus on modern cloud and enterprise applications was founded in Austria in 2007 and grew from a small consulting firm […]

How to Start Tracking Your Application Dependencies

Do you know what dependencies your app is using? All of them? We recently wrote about managing npm dependencies, but Node.js developers aren’t the only ones who rely on third-party libraries, APIs, and more in their appl…

Scanning for Secrets in Source Code

How to uncover leaked secrets with regex + entropy analysis
As a developer, I admit that I’ve committed secrets to public Github repositories before. Hardcoded secrets have alwa…

Preventing XXE in Java Applications

Impact, exploitation, and prevention of XML External Entity Vulnerabilities
Welcome back to AppSec simplified! In this tutorial, we are going to talk about how you can prevent XXEs in Java applications. If you are not…

A Penetration Tester’s Journey to the Code Analysis Camp

Shifting Left: A Penetration Tester’s Journey to the Code Analysis Camp
Why I Joined SAST company ShiftLeft
Most of you know me as an offensive security gal. The fact that I decided to join a SAST team frankly surprised me as well. Now that I have off…