Applications
Stay up-to-date with the latest security technologies and best practices to secure software applications, identify vulnerabilities, and protect your code from potential threats. As software development accelerates, robust application security is essential to safeguard against exploits and breaches.
-
Open Source Sabotage Incident Hits Software Supply Chain
An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and…
-
SolarWinds-Like Supply Chain Attacks will Peak in 2022, Apiiro Security Chief Predicts
Cyberthreats against software supply chains moved to the forefront of cybersecurity concerns a year ago when revelations of the attack on software maker SolarWinds emerged. Now one security researcher – Moshe Zioni, vice president of security research for application risk management startup Apiiro – is predicting that supply chain attacks will likely peak in 2022…
-
Log4Shell Exploitation Grows as Security Firms Scramble to Contain Log4j Threat
Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. The cybersecurity community is responding with tools for detecting exploitation of the vulnerability, a remote code execution (RCE) flaw dubbed Log4Shell and…
-
‘Trojan Source’ a Threat to All Source Code, Languages
Researchers have outlined a method that could be used by bad actors to push vulnerabilities into source code that are invisible to human code reviewers. In a paper released this week, two researchers at the University of Cambridge in the UK wrote that the method – which they dub “Trojan Source” – essentially can be…
-
Microsoft Makes Exchange Server Patches Less Optional
Microsoft Exchange is a frequent target of hackers, and often the attack vector is a well known vulnerability that a company just hasn’t gotten around to patching. To try to deal with that problem, Microsoft is doing what a lot of other software vendors may start doing: making applying fixes a lot less optional. In…
-
OWASP Names a New Top Vulnerability for First Time in Years
OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The last update was in November 2017, and the latest draft is available for peer review until the end of the year. The Open Web…
-
Microsoft Expands Passwordless Sign-on to All Accounts
Microsoft for the past few years has been among the loudest vendors calling for a security future that doesn’t include passwords. In 2018, the software giant took the step of doing away with passwords for people signing into its Edge web browser, saying instead they could use a number of alternatives. Since then, the company…
-
Top Code Debugging and Code Security Tools
There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless. In fact, there are more…
-
Neural Fuzzing: A Faster Way to Test Software Security
Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible. In order to find these weaknesses, software security testers and developers often have to manually test the entire codebase and determine if any vulnerabilities exist. However, this…
