Java Deserialization Vulnerability Found to be Widespread Across SaaS Vendor SDKs

Courtesy (http://gallerycartoon.blogspot.com)

Recently, we’ve identified a number of our customers who are susceptible to a deserialization-based remote code execution (RCE) vulnerability. In the majority of cases, a subset of the gadget chain (circumstances to exploit the deserialization vulnerability) is being triggered by the customer application’s dependency on one or more 3rd ...
Do not meme to shame Twitter’s password leak incident

Twitter’s password security breach raised panic among social media users when they announced that they had discovered a bug that “inadvertently stored passwords unmasked in an internal log”. We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a ...
A language to speak Dev[Sec]Ops

From SecOps to DevSecOps and SecDevOps, there seems to be an unending stream of new buzzwords in systems technology. With all this jargon, stories can increasingly read more like inside baseball than an intentional strategy. To understand the insertion of “Security” into “DevOps”, we need to reminisce about the origins of ...
Detecting and Preventing Data Loss Using Semantic Code Property Graphs and Security Profiles

Detecting and preventing data loss is one of the top security concerns today. It’s a concern that has significantly amplified as companies move to trust third parties with their data, especially with increased reliance on cloud computing. To prevent and mitigate data loss, companies must ensure that their data is ...
What GDPR Means for Application Teams

You’re likely aware of the European Union (EU) General Data Protection Regulation (GDPR) that strengthens the rules regarding user data and privacy. This regulation applies not only to data processors operating in any EU member country, but also to non-EU companies that process data concerning EU citizens. Given the global ...
Data Breach — Fix the problem, not the symptom

By now most of us have grown accustomed to reading daily news about data breaches impacting organizations of all types and sizes. Usually we read with the intent of understanding the cause and effect of a breach, but in some cases we are personally affected. Collectively (and justifiably) we judge ...
Shiftleft — Notes on a journey

Do you remember what life was like before Google Maps? Often you had to plan your trip using printed maps, marking destinations and points of interest using a pen. Then inevitably, all your effort was for naught when you hit peak traffic or major construction and have no idea to work ...