# Log Injection **Log injection** is a type of *injection attack*. Injection attacks occur when maliciously crafted inputs are submitted by an attacker, causing an application to perform an unintended action. Log injection attacks occur when an attacker tricks the application into writing spurious or malicious entries in your log files. Log files are important […]
READ MOREAs the neverending stream of publications implementing Executive Order (EO) 14028 continue to drop, the National Institute of Standards and Technology (NIST) continues to provide additional guidance. At the end of August 2023, NIST released its most recent draft Special Publication (SP) 800-204D “Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD […]
At the end of August 2023, Jenkins announced it experienced 79% growth between June 2021 and June 2023. With an estimated 44% market share, Jenkins is a critical technology automating CI/CD pipelines. As a technology pervasive across the developer community, the Jenkins vulnerabilities announced on August 6, 2023, will likely attract attackers seeking to infiltrate […]
By Lukas Seidel Coding in dynamic languages like JavaScript and Python is fun and allows for fast iterations, but it comes with a cost. Without proper type information, developers are missing out on the ability to catch bugs early and get helpful IDE support. But the absence of properly typed variables makes life tricky not […]
We all do it. When we are recalling a story or something that happened in our lives, we fill in the “fuzzy” areas with what we believe to be the truth. It’s human nature to embellish somewhat or simply fill in the blanks with what could be facts based on our recollection, but often are […]
Software engineers’ ideal state includes being able to work with minimal disruption. This “flow state” is when they are most productive and have the best chance of delivering the products and features they are tasked with producing within the required timeline. Whenever something adversely impacts their flow state productivity, mental health, and overall effectiveness may […]
I couldn’t walk five feet at RSA recently without someone asking me about ChatGPT. The questions all boiled down to “ChatGPT—is it bad, really bad, or just plain horrible?” ChatGPT is all of these things, and at the same time it is none of them. ChatGPT is only what we make of it. Like any […]
Artificial intelligence (AI) is a rapidly evolving technology that has the potential to transform various sectors of our society. However, with the great power of AI comes the great responsibility to ensure that it is used ethically, responsibly, and safely. Recently, the Biden Administration announced new actions to promote responsible AI innovation that protects Americans’ […]
As we embark on this new chapter in application security, it’s important to understand how AI and machine learning can provide greater understanding and insight into vulnerabilities than older methods of detection. In this article we will cover the following: The risk of using vulnerable dependencies (directly or transitively) Not all vulnerabilities pose risk. Why not? […]
© 2023 Qwiet. All rights reserved.