Introducing Qwiet AI AutoFix! Reduce the time to secure code by 95% Read More
Qwiet AI and the ancient Greek physicians like the father of medicine Hippocrates have much in common. Hippocrates highlighted the significance of a healthy diet and lifestyle in preventing diseases and acknowledged the root cause of physical and psychological ailments as diet and lifestyle choices (Διαιτήμασί in Greek), and now Qwiet AI is delivering his […]
READ MOREThe threat landscape is evolving quickly. Application security is working to keep pace with the ever-evolving threat landscape. As the application development process becomes more incremental, with developers embracing frameworks such as Agile and DevSecOps, it is becoming more important for developers to pay attention to application security trends, know what they can do better […]
Spring unauthenticated RCE via classLoader manipulation A critical zero-day vulnerability in the Spring framework was recently reported to Spring’s maintainer, VMWare. The vulnerability is an unauthenticated remote code execution vulnerability that affects Spring MVC and Spring WebFlux applications. You can find the CVE here. What is affected? The Spring4Shell RCE vulnerability allows attackers to execute code […]
There are plenty of good and popular caching libraries on the JVM, including ehcache, guava, and many others. However, in some situations it’s worth exploring other options. Maybe you need better performance. Or you want to allow the cache to grow and fill up the entire heap, yet shrink automatically when your application needs more […]
It is impossible to manage security posture without considering two key factors in any potential vulnerability or security flaw: reachability and risk. The two factors are related. Reachability defines the degree to which a given security vulnerability that is detected, such as a CVE, can actually be attacked and exploited to gain privileged access and […]
How can one measure and mitigate the security risks in open source software? This is a crucial topic that is now becoming a major issue in the software development community. In this chapter, we will dive into the work we have done at Google, in collaboration with Open Source Security Foundation (OSSF) to make it […]
With the increase of supply chain attacks on everything from logging software like Log4J to takeovers of important JavaScript packages to compromises of network utility tools like SolarWinds, more and more organizations are recognizing the need to adopt a Zero Trust mindset. Zero Trust can improve security, reduce risks, and give organizations greater confidence […]
The Open Source Software (OSS) Supply Chain is under attack. As evidenced by the recent Log4Shell vulnerability, the OSS supply chain is increasingly a focus for attackers seeking to exploit weak links in security. A number of research reports have recorded a significant increase in so-called “next-gen software supply chain attacks” over the past […]
25 vulnerabilities to look out for in Node JS applications: Directory traversal, prototype pollution, XSSI, and more… Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, API, and more. With all these components to secure, building a secure application can seem really […]
OWASP leader Vandana’s tips for navigating your career in infosec Our guest today, Vandana, holds a lot of impressive titles. She is the Chair of the OWASP Global Board of Directors, and she also leads multiple infosec Diversity Initiatives like InfosecGirls. But how did she get from an infosec newbie to the leader of OWASP […]