Menu
# Log Injection **Log injection** is a type of *injection attack*. Injection attacks occur when maliciously crafted inputs are submitted by an attacker, causing an application to perform an unintended action. Log injection attacks occur when an attacker tricks the application into writing spurious or malicious entries in your log files. Log files are important […]
READ MOREAs the neverending stream of publications implementing Executive Order (EO) 14028 continue to drop, the National Institute of Standards and Technology (NIST) continues to provide additional guidance. At the end of August 2023, NIST released its most recent draft Special Publication (SP) 800-204D “Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD […]
At the end of August 2023, Jenkins announced it experienced 79% growth between June 2021 and June 2023. With an estimated 44% market share, Jenkins is a critical technology automating CI/CD pipelines. As a technology pervasive across the developer community, the Jenkins vulnerabilities announced on August 6, 2023, will likely attract attackers seeking to infiltrate […]
When learning how to find, exploit, or prevent different types of security vulnerabilities, you’ll want to understand the vulnerability’s root causes and what happens to an application when it’s exploited. Today, we’ll talk about remote code execution (RCE), it’s mechanisms, and how you can spot it in source code. Remote code execution and command injection […]
Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, API, and more. With all these components to secure, building a secure application can seem really daunting. Thankfully, most real-life vulnerabilities share the same root causes. And by studying these common vulnerability types […]
On March 21, the Biden administration directed US companies to “harden your cyber defenses immediately.” With these new federal guidelines for application security, the White House urged software developers to deploy “modern tools that can detect known and potential vulnerabilities” in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
On March 21, the Biden administration directed US companies to “harden your cyber defenses immediately.” With these new federal guidelines for application security, the White House urged software developers to deploy “modern tools that can detect known and potential vulnerabilities” in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
Does your static analysis tool see the C# source underlying your C# source? I am a compiler engineer at ShiftLeft, the designer and (main) implementor of the programming language layer of our static analysis tool for C# and Python. In this article, I discuss a bit about the static analysis of C# programs. When you […]
On March 21, the Biden administration directed US companies to “harden your cyber defenses immediately.” With these new federal guidelines for application security, the White House urged software developers to deploy “modern tools that can detect known and potential vulnerabilities” in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
On March 21, the Biden administration directed US companies to “harden your cyber defenses immediately.” With these new federal guidelines for application security, the White House urged software developers to deploy “modern tools that can detect known and potential vulnerabilities” in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
On March 21, the Biden administration directed US companies to “harden your cyber defenses immediately.” With these new federal guidelines for application security, the White House urged software developers to deploy “modern tools that can detect known and potential vulnerabilities” in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
How to integrate security into the SDLC successfully The world has an insecure software problem, which is why 84% of cyber attacks focus on the application layer. Two major factors have contributed to the writing of insecure code — cumbersome security analysis tools and a strong drive to reach the market quickly. For things to […]
© 2023 Qwiet. All rights reserved.
