CWE
The “2025 CWE Most Important Hardware Weaknesses”
The MITRE Corporation recently announced the availability of the 2025 Most Important Hardware Weakness (MIHW) list. This is the first data-driven list of root-cause hardware security weaknesses ever created, and I am ...
Enhancing Automotive Security with MITRE CWE
The cybersecurity of the electronics used in automotive designs is crucial and must be considered very early during the architecture and design phase of development. An important set of guideposts for this ...
25 Top CWE Software Weaknesses of 2022
“An opening invites the thief,” says an ancient proverb. As cyberattacks become more frequent and sophisticated, proactive preventive measures are required more than ever. These measures often include training employees to handle ...
Common Weakness Enumeration (CWE) and Why You Should Care
Security vulnerabilities come in all sizes, shapes, and forms today. Staying ahead of attackers requires organizations, their security teams, and pretty much everyone ...
Red Teams and the Value of Open Source PoC Exploits
Red Teams are a necessary part of a good cybersecurity program. The Red Team is offensive security, explained Richard Tychansky, a security researcher speaking at (ISC)2 Security Congress. During the Red Team ...
What to do about CWEs in your application
Over the past few weeks, we’ve published a series of blogs related to CWEs: we’ve taken a look at the changes in the Top 25 Most Dangerous Software ...
CWE-77
Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE-77 refers to command injection, a vulnerability that allows malicious parties to control parts of the application by providing input that influences ...
CWE-918
Server-Side Request Forgery (SSRF)
Server-side request forgeries (SSRF) occur when the web application sends a request to the web server, and the web server retrieves the requested content. However, the web server ...
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200 occurs when information that should remain confidential (e.g., systems and network information for the application, user-supplied data including names, email addresses, ...
CWE-78
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OS command injection occurs when the application uses user input (which isn’t escaped or sanitized) as part of a command ...