How-to Identify Directory Traversal Vulnerabilities with ShiftLeft Ocular: A Detailed Code Example

How-to Identify Directory Traversal Vulnerabilities with ShiftLeft Ocular: A Detailed Code Example with DeepLearning4j and OpenRefine (CVE-2018-19859)

In one of our most recent blog posts Chetan Conikee wrote about a directory traversal caused ...
Why Framework Choice Matters in Web Application Security

One of the oldest clichés in web application security is that "it doesn't matter which framework you choose, if you know what you're doing". In my experienced opinion, off the back of ...
Deconstructing Data Leak incident of Signet Jewelers (parent company of Kay and Jared jewelers)

Protecting the Crown Jewels: Deconstructing Data Leakage in Exotic Environments (Inspiration from Signet — Kay/Jared Jewelers Breach)

Credits: Micheal Hill

Note: The following series of deconstruction/post-mortem is indicative of the security issues similar to ...
Special Guest Tanya Janca, DevOps and AppSec, Women in Cybersecurity - #82

In this episode Tom and Scott are joined by special guest Tanya Janca, who is a Senior Cloud Developer Advocate for Microsoft. We speak with Tanya about her journey into the world ...
Mobile Threats and Trends Changing Mobile App Security

Categories: AppSec, OneSpan
Deploying your high-value mobile app to untrusted environments such as consumer mobile devices can be a risky proposition. Are some of your customers’ devices compromised? Do your users also download apps from ...
Securing the Code: DevOps Security and AppSec

Categories: AppSec, DevSecOps
DevSecOps is increasingly becoming the new normal for organizations that develop their own applications, as the risk from cyberthreats grows daily. DevSecOps helps companies in their own application security efforts by including ...
The Need for Real-World Runtime Protection Benchmarking

First-principles thinking is one of the best ways to reverse-engineer complicated problems and unleash creative possibility. Sometimes called “reasoning from first principles,” the idea is to break down complicated problems into basic ...
Can Security be a Business Enabler?

Finding, prioritizing, and fixing vulnerabilities during development, and protecting applications from attacks in production, is the accepted security best practice. Yet this is ineffective, resource-intensive, and exacerbated as organizations modernize their development ...
Deserialization Vulnerability Confirmed in Nexmo 3.4.0 SDK

Nexmo has confirmed that their 3.4.0 SDK contained the Jackson-databind vulnerability that we announced earlier this week as widespread amongst SaaS SDKs. The deserialization vulnerability can be escalated into remote code execution (RCE) ...
The 3 Ways of DevSecOps (Part 1)

Have you read “The Phoenix Project”? If you haven’t, you should! It mirrors the method used by Goldratt in “The Goal,” first published in 1984. It’s a story, not a textbook. The Phoenix ...
Security Boulevard