Enhancing Automotive Security with MITRE CWE

The cybersecurity of the electronics used in automotive designs is crucial and must be considered very early during the architecture and design phase of development. An important set of guideposts for this ...
25 Top CWE Software Weaknesses of 2022

“An opening invites the thief,” says an ancient proverb. As cyberattacks become more frequent and sophisticated, proactive preventive measures are required more than ever. These measures often include training employees to handle ...
Common Weakness Enumeration (CWE) and Why You Should Care

Security vulnerabilities come in all sizes, shapes, and forms today. Staying ahead of attackers requires organizations, their security teams, and pretty much everyone ...

Red Teams and the Value of Open Source PoC Exploits

Red Teams are a necessary part of a good cybersecurity program. The Red Team is offensive security, explained Richard Tychansky, a security researcher speaking at (ISC)2 Security Congress. During the Red Team ...
Security Boulevard
What to do about CWEs in your application

Over the past few weeks, we’ve published a series of blogs related to CWEs: we’ve taken a look at the changes in the Top 25 Most Dangerous Software ...
CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

CWE-77 refers to command injection, a vulnerability that allows malicious parties to control parts of the application by providing input that influences ...
CWE-918: Server-Side Request Forgery (SSRF)

Server-side request forgery (SSRF) occurs when a web application fetches a URL supplied by the user, so the web server retrieves the requested content on the user’s behalf. However, the web server ...
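The usual defence for the weakness described above is to decide, before the server issues the request, whether the destination is one the feature was ever meant to reach. The following is an added example, not code from the original post or from Security Boulevard: it allowlists the scheme, resolves the hostname, and rejects loopback, private, link-local (including the cloud metadata address 169.254.169.254) and IPv4-mapped IPv6 targets. The `FAKE_DNS` table and `fake_resolver` are constructed stand-ins so the example runs offline; in production you would pass a real resolver such as `socket.gethostbyname`.

```python
"""CWE-918 destination check: may this user-supplied URL be fetched server-side?"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for DNS so the example runs offline (hypothetical names).
FAKE_DNS = {
    "api.example.com": "93.184.216.34",          # public address
    "intranet.example.com": "10.0.0.5",          # RFC 1918 address
    "metadata.example.com": "169.254.169.254",   # cloud metadata endpoint behind a public-looking name
}


def fake_resolver(host: str) -> str:
    """Hypothetical resolver with the same contract as socket.gethostbyname."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"cannot resolve {host}")


def is_safe_destination(url: str, resolver=socket.gethostbyname) -> bool:
    """Return True only if the URL points at a public, routable address over http(s)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False                      # blocks file://, gopher://, ftp://, dict://, ...
    if parts.username or parts.password:
        return False                      # http://trusted@evil/ style confusion
    host = parts.hostname
    if not host:
        return False
    try:
        # Dotted-quad or IPv6 literals are judged directly. Forms ipaddress refuses
        # (decimal "2130706433", octal "0177.0.0.1") fall through to the resolver,
        # which is what the real connect() would use, so the check matches reality.
        addr = ipaddress.ip_address(host)
    except ValueError:
        try:
            addr = ipaddress.ip_address(resolver(host))
        except (socket.gaierror, ValueError):
            return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped          # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


if __name__ == "__main__":
    for u in ("https://api.example.com/v1", "http://metadata.example.com/latest/meta-data/",
              "http://127.0.0.1:8080/admin", "file:///etc/passwd"):
        print(u, "->", "allowed" if is_safe_destination(u, fake_resolver) else "blocked")
```

Two caveats a reviewer would raise: the name is resolved here and again by the HTTP client, so a DNS answer that changes between the two lookups (DNS rebinding) bypasses the check unless you connect to the address you validated; and any HTTP redirect the fetch follows is a new destination that must be validated again.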
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-200 occurs when information that should remain confidential (e.g., systems and network information for the application, user-supplied data including names, email addresses, ...
CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

OS command injection occurs when the application uses user input (which isn’t escaped or sanitized) as part of a command ...
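The CWE-77 and CWE-78 entries above both come down to the same mistake: untrusted text is handed to a command interpreter that gives characters such as `;`, `|` and `$( )` special meaning. The following added example (not code from the original posts or from Security Boulevard) shows one feature, "count the lines of a user-named file", written the vulnerable way and the hardened way. The hardened version validates the name against a strict allowlist, confines the resulting path to a base directory, and passes an argv list with `shell=False` so no shell ever parses the value. The file contents, directory and the `notes.txt; echo INJECTED` payload are constructed for the demonstration.

```python
"""CWE-77/CWE-78: the same feature, vulnerable and hardened."""
import os
import re
import subprocess
import tempfile


def count_lines_vulnerable(filename: str, base_dir: str) -> str:
    # VULNERABLE: user input is spliced into a command string and handed to /bin/sh
    # (shell=True), which interprets ; | && $() and friends in the attacker's value.
    result = subprocess.run(f"wc -l {base_dir}/{filename}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


# Allowlist: letters, digits, underscore, dot, dash; no separators, no leading '-'.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def count_lines_hardened(filename: str, base_dir: str) -> int:
    # 1. Reject anything outside the allowlist instead of trying to escape it.
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    # 2. Confine the path to the directory this feature is meant to serve.
    path = os.path.realpath(os.path.join(base_dir, filename))
    if os.path.dirname(path) != os.path.realpath(base_dir):
        raise ValueError("path escapes base directory")
    # 3. argv list + shell=False: the value is one argument, never parsed by a shell.
    #    '--' stops wc from reading the argument as an option.
    result = subprocess.run(["wc", "-l", "--", path], shell=False,
                            capture_output=True, text=True, check=True)
    return int(result.stdout.split()[0])


def demo():
    """Constructed input: a 3-line file plus an attacker-controlled filename."""
    with tempfile.TemporaryDirectory() as base_dir:
        with open(os.path.join(base_dir, "notes.txt"), "w") as fh:
            fh.write("one\ntwo\nthree\n")
        payload = "notes.txt; echo INJECTED"
        vuln_out = count_lines_vulnerable(payload, base_dir)   # runs the attacker's echo
        try:
            count_lines_hardened(payload, base_dir)
            hardened_rejected = False
        except ValueError:
            hardened_rejected = True                           # payload never reaches wc
        benign = count_lines_hardened("notes.txt", base_dir)
        return vuln_out, hardened_rejected, benign


if __name__ == "__main__":
    out, rejected, n = demo()
    print("vulnerable stdout:", repr(out))
    print("hardened rejected payload:", rejected, "| benign count:", n)
```

Escaping with `shlex.quote` would also stop this particular payload, but the argv form removes the shell from the path entirely, which is the fix CWE-78 actually asks for; the allowlist and path confinement then handle the separate problem of which file the user may name.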
CWE-611: Improper Restriction of XML External Entity Reference

CWE-611 refers to vulnerabilities that arise when an application processes an XML document that contains entities referring to external URIs. These URIs resolve to assets outside ...
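The practical control for CWE-611 is to stop the parser from honouring a DTD at all, since that is where external entities are declared. The following added example (not code from the original post or from Security Boulevard) pre-scans untrusted bytes with a bare expat parser whose DOCTYPE, entity-declaration and external-reference handlers abort parsing, and only then hands the document to `xml.etree`. The `BENIGN` and `XXE_SAMPLE` documents are constructed for the demonstration.

```python
"""CWE-611: refuse XML that carries a DTD before any entity can be declared or fetched."""
import xml.etree.ElementTree as ET
import xml.parsers.expat


class DTDForbidden(ValueError):
    """Raised when untrusted XML declares a DOCTYPE, an entity, or an external reference."""


def reject_dtd(data: bytes) -> None:
    """Pre-scan with expat; any DTD construct raises DTDForbidden out of Parse()."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} not allowed in untrusted input")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise DTDForbidden(f"entity {name!r} declaration not allowed")

    def on_external_ref(context, base, sysid, pubid):
        raise DTDForbidden(f"external entity {sysid!r} not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse only after the DTD check passes; the second parse is the one you use."""
    reject_dtd(data)
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    try:
        parse_untrusted_xml(data)
    except DTDForbidden:
        return True
    return False


# Constructed sample documents.
BENIGN = b"<order><item sku='A1' qty='2'/></order>"
XXE_SAMPLE = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
              b'<foo>&xxe;</foo>')
INTERNAL_ENTITY = b'<!DOCTYPE lolz [<!ENTITY lol "lol">]><lolz>&lol;</lolz>'

if __name__ == "__main__":
    print("benign root:", parse_untrusted_xml(BENIGN).tag)
    print("XXE rejected:", is_rejected(XXE_SAMPLE))
    print("internal-entity DTD rejected:", is_rejected(INTERNAL_ENTITY))
```

Rejecting every DOCTYPE also shuts out entity-expansion denial of service (the "billion laughs" family), which is why the internal-entity sample is refused too. The `defusedxml` package applies the same handlers across the stdlib parsers; with lxml the equivalent is `XMLParser(resolve_entities=False, no_network=True)`.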