AI, Processor Advances Will Improve Application Security

Applications may soon become more secure as code written by artificial intelligence (AI) platforms finds its way onto next-generation secure processors. Matt Jarvis, director of developer relations for Snyk, told attendees at ...
Security Boulevard

Debunking 5 Myths About Detection-as-Code

Would you let misconceptions keep you from adopting a tool that can help your security team do its best work? In my ten years of building security monitoring solutions, I learned that ...
Security Boulevard
Command injection vulnerability in source code | The Dataflow Show

Find command injection in source code

Using Ocular to search for command injection in an application by tracing dataflow. When learning how to find, exploit, or prevent different types of security vulnerabilities, you’ll want to understand the vulnerability’s root causes ...
What is a false positive and why is having a few around a good sign?

Why false positives in security tools could be a positive, and why you should not go after the lowest false positive rates possible. “We want a security tool with low false positives. Our ...
An Optimisation Story: Building a Code Scanner for Large Golang Apps

This post will shed some light on how we were able to optimise one of our frontends, reducing the typical project’s run time by half. We’ll also take a look at some ...
Detecting and Exploiting XXEs: AppSec Simplified

Finding XXE vulnerabilities in applications via code analysis. Welcome back to AppSec Simplified! Last time, we talked about the fascinating XXE vulnerabilities and how they can affect your application. If you are not already ...
5 Reasons Why Mobile Application Security Fails

Traditionally, large organizations and the enterprise have been the focus for hackers and malicious attacks, but in recent years, the rise of sophisticated hacking tools and leaked databases on the dark web, ...
Security Boulevard

Open Source Code: Trojan Horse for Attacks?

On June 2, it was revealed that the Octopus Scanner malware had infected at least 26 open source code repositories on GitHub. Once downloaded, the malware specifically targets the Apache NetBeans Java ...
Security Boulevard
DevOps productivity series — GitHub for DevSecOps

GitHub & DevSecOps Productivity Tips. This article was originally published at ShiftLeft Blog. My colleague Andrew Fife wrote about our passion to focus on developer experience and productivity with our NextGen Static Analysis platform ...
DevOps Chats: Open Source Security, With WhiteSource

WhiteSource, one of the leaders in the software composition analysis space, recently released its annual report, “The State of Open Source Security Vulnerabilities.” It is chock full of good data and findings ...
Security Boulevard