May 19, 2020
The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team....
May 18, 2020
Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.
To learn more about Signal...
May 12, 2020
In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team’s code...
May 11, 2020
DevOps and Agile IT practices have been around for a while. However, security teams are just now catching up. We will discuss how security teams can stop being “showstoppers” for the developers and actually work with them, not against them. Focus will be around empowering the developers with open source secrets...
May 5, 2020
This week in the Application Security News, “Psychic Paper” demonstrates why a lack of safe and consistent parsing of XML is disturbing, Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams, Salt Bugs Allow Full RCE as Root on Cloud Servers, Managing risk in today’s IoT landscape: not a...