In the late 1970s and early 1980s, if you had a personal computer there was a fair chance it either booted into some version of Microsoft Basic or you could load and run Basic. There were other versions, of course, especially for very small computers, but the gold standard for …
The malware-as-a-service is advanced, obfuscated and modular — and built for mass campaigns. Continue reading Silent Night Banking Trojan Charges Top Dollar on the Underground
I have a codebase that I’ve been keeping on Github that I don’t want to worry about losing. I’ve intermittently backed up all the repos to an S3 instance, but this doesn’t feel secure. If my Github and AWS accounts, or just my machine, wer… Continue reading Solutions for backing-up my codebase
Let’s say the following scenario exists:
A git repository exists on Azure DevOps Repos.
The repository uses yaml pipelines (azure-pipelines.yml).
The repository has branch policies to ensure that changes go through pull requests.
The bui… Continue reading How to prevent azure pipelines (yaml) from being used as an attack vector?
I have a situation where I have to analyse the third-party components/libraries used in the code for their license terms and for known vulnerabilities.
I know there are tools named Black Duck and WhiteSource which can meet the expectation, but w… Continue reading Are there any c# .net free software composition analysis tools to check opensource component used and its vulnerabilities and license [closed]
What are the best software to match against vulnerabilities in the 3rd-party code that the software is using?
What are the subtle differences in both – as one could say that both are almost the same…
Static Code Analysis (also known as Source Code Analysis) is usually
performed as part of a Code Review (also known as white-box testing)
… Continue reading What is the difference between "secure code review" and "secure static code analysis"?
Software libraries targeting resource-constrained environments like embedded systems use conditional compilation to allow consumers to shave space and thus increase performance by removing unused features from the final binaries distribut… Continue reading Does removing features from a library increase or reduce security risks?
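The mechanism the question above refers to, as an added example that is not part of the original post: a hypothetical message-parsing library whose optional legacy text parser is gated behind a compile-time macro. The macro name `LIB_ENABLE_LEGACY_TEXT`, the function names and both message formats are assumptions made for this illustration. When the consumer does not define the macro, the legacy parser is not emitted into the binary at all, and the single entry point rejects legacy-looking input instead of handing it to code that no longer exists.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from the original post. The feature macro, the
 * function names and the wire formats are hypothetical. */

#define LIB_MAX_PAYLOAD 64

enum lib_status { LIB_OK = 0, LIB_ERR_UNSUPPORTED = 1, LIB_ERR_MALFORMED = 2 };

struct lib_msg {
    uint8_t type;
    uint8_t len;
    uint8_t payload[LIB_MAX_PAYLOAD];
};

/* Binary format: [0x01 version][type][len][payload...].
 * len is bounds-checked against both the buffer and the struct before copying. */
static enum lib_status parse_binary(const uint8_t *buf, size_t n, struct lib_msg *out)
{
    if (n < 3 || buf[0] != 0x01) return LIB_ERR_MALFORMED;
    uint8_t len = buf[2];
    if (len > LIB_MAX_PAYLOAD || (size_t)len + 3 > n) return LIB_ERR_MALFORMED;
    out->type = buf[1];
    out->len = len;
    memcpy(out->payload, buf + 3, len);
    return LIB_OK;
}

#ifdef LIB_ENABLE_LEGACY_TEXT
/* Legacy text format "T:<digit>:<payload>": extra parsing logic, i.e. extra
 * code to audit and fuzz. Only compiled when the consumer opts in. */
static enum lib_status parse_legacy_text(const uint8_t *buf, size_t n, struct lib_msg *out)
{
    if (n < 4 || buf[0] != 'T' || buf[1] != ':' || buf[3] != ':') return LIB_ERR_MALFORMED;
    size_t plen = n - 4;
    if (plen > LIB_MAX_PAYLOAD) return LIB_ERR_MALFORMED;
    out->type = (uint8_t)(buf[2] - '0');
    out->len = (uint8_t)plen;
    memcpy(out->payload, buf + 4, plen);
    return LIB_OK;
}
#endif

/* Single entry point. This dispatcher is the only place that decides whether
 * legacy input is considered at all; with the feature compiled out there is
 * simply no function for attacker-controlled bytes to reach. */
enum lib_status lib_parse(const uint8_t *buf, size_t n, struct lib_msg *out)
{
    if (n > 0 && buf[0] == 'T') {
#ifdef LIB_ENABLE_LEGACY_TEXT
        return parse_legacy_text(buf, n, out);
#else
        return LIB_ERR_UNSUPPORTED;   /* feature not built in: reject early */
#endif
    }
    return parse_binary(buf, n, out);
}

/* Lets callers and tests confirm which build variant they are linked against. */
int lib_legacy_text_enabled(void)
{
#ifdef LIB_ENABLE_LEGACY_TEXT
    return 1;
#else
    return 0;
#endif
}
```

Build once with `-DLIB_ENABLE_LEGACY_TEXT` and once without: in the second build the legacy parser is absent from the object code, so the question of whether its parsing logic is exploitable does not arise for that consumer. The flip side, which the question also hints at, is that every such macro multiplies the number of distinct binaries that need to be tested and fuzzed.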
Is there a mechanism that can ensure a deployment (a server that can give HTTPS responses) is built from the actual (public) source code provided at another HTTPS URL?
from commit #10020 at https://git.localhost/ (contains a fi… Continue reading Proving a software deployment’s origin sourcecode
I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical “business logic”. (This could be any other language and the exact same problem would still stand; I’m just stating what I perso… Continue reading How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me?