Improving the state of Cosmos fuzzing

Tags: fuzzing, Go
By Gustavo Grieco
Cosmos is a platform enabling the creation of blockchains in Go (or other languages). Its reference implementation, Cosmos SDK, leverages strong fuzz testing extensively, following two approaches: smart fuzzing ...
CISA to Developers: Adopt Memory Safe Programming Languages

Tags: cisa, Go, Java, memory safe language, rust
Software makers need to embrace the growing number of newer programming languages that protect memory to reduce the number of security vulnerabilities in their products, according to cybersecurity agencies in the United ...
Publishing Trail of Bits’ CodeQL queries

Tags: C/C++, CodeQL, cryptography, Go
By Paweł Płatek
We are publishing a set of custom CodeQL queries for Go and C. We have used them to find critical issues that the standard CodeQL queries would have missed ...
Avoid libwebp Electron Woes On macOS With positron

If you’ve got 👀 on this blog (directly, or via syndication) you’d have to have been living under a rock to not know about the libwebp supply chain disaster. An unfortunate casualty ...

Security flaws in an SSO plugin for Caddy

By Maciej Domanski, Travis Peters, and David Pokora
We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...

“Bizarre” DNS Hacks For Fun And, Um…, Fun

Tags: dns, Go, golang, hacks
I’ve been (slowly) making my way through FOSDEM ’23 presentations and caught up to Peter Lowe’s “Bizarre and Unusual Uses of DNS • Rule 53: If you can think of it, someone’s ...
Honk If You Like The Fediverse!

Tags: fediverse, Go, golang, mastodon
This is a re-post from today’s newsletter. I generally avoid doing this but the content here is def more “bloggy” than “newslettery”. You can now receive these blog posts in your activity ...
How to detect Log4j vulnerabilities in Java projects for free with CodeSec

Log4j is a popular Java logging tool with a critical cybersecurity vulnerability that gained global attention in December 2021. The U.S. Dept. of Homeland Security’s Cyber Safety Review Board stated in a ...