Code
AI, Processor Advances Will Improve Application Security
Applications may soon become more secure as code written by artificial intelligence (AI) platforms finds its way onto next-generation secure processors. Matt Jarvis, director of developer relations for Snyk, told attendees at ...
Debunking 5 Myths About Detection-as-Code
Would you let misconceptions keep you from adopting a tool that can help your security team do its best work? In my ten years of building security monitoring solutions, I learned that ...
Find command injection in source code
Using Ocular to search for command injection in an application by tracing dataflow
When learning how to find, exploit, or prevent different types of security vulnerabilities, you’ll want to understand the vulnerability’s root causes ...
What is a false positive and why is having a few around a good sign?
Why false positives in security tools could be a positive, and why you should not go after the lowest false positive rates possible.
“We want a security tool with low false positives. Our ...
An Optimisation Story: Building a Code Scanner for Large Golang Apps
This post will shed some light on how we were able to optimise one of our frontends, reducing the typical project’s run time by half. We’ll also take a look at some ...
Detecting and Exploiting XXEs: AppSec Simplified
Finding XXE vulnerabilities in applications via code analysis
Welcome back to AppSec Simplified! Last time, we talked about the fascinating XXE vulnerability and how it can affect your application. If you are not already ...
5 Reasons Why Mobile Application Security Fails
Traditionally, large organizations and the enterprise have been the focus for hackers and malicious attacks, but in recent years, the rise of sophisticated hacking tools and leaked databases on the dark web, ...
Open Source Code: Trojan Horse for Attacks?
On June 2, it was revealed that the Octopus Scanner malware had infected at least 26 open source code repositories on GitHub. Once downloaded, the malware specifically targets the Apache NetBeans Java ...
DevOps productivity series — GitHub for DevSecOps
GitHub & DevSecOps Productivity Tips
This article was originally published at ShiftLeft Blog.
My colleague Andrew Fife wrote about our passion to focus on developer experience and productivity with our NextGen Static Analysis platform ...
DevOps Chats: Open Source Security, With WhiteSource
WhiteSource, one of the leaders in the software composition analysis space, recently released its annual report, “The State of Open Source Security Vulnerabilities.” It is chock full of good data and findings ...