ShiftLeft Blog – Medium
ShiftLeft is NextGen code analysis, purpose-built to automate security workflows by delivering the right vulnerabilities to the right developer at the right time.
The Optus Breach: How Bad Code Keeps Happening to Good Companies

Categories: Cybersecurity, data, Finance, security
First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here and others indicated in the references section below. On Thursday ...
Reachability and Risk: Tools for Security Leaders

By Malcolm Harkins, Bryan Smith, Rob Lundy. Attacker Reachability (or “Attackability”) is a concept in open source software vulnerability management. It’s a way to understand whether 1) a vulnerability is present, and 2) Can ...
Spring4Shell: Spring Remote Code Execution Vulnerability

Spring unauthenticated RCE via classLoader manipulation. A critical zero-day vulnerability in the Spring Framework was recently reported to Spring’s maintainer, VMware. The vulnerability is an unauthenticated remote code execution ...
Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

By Arun Balakrishnan, Sr. Director Product Management. Identity credentials and source code are critical assets that can create major risks for your organization when exposed by breaches of third-party ...
Importance of Securing Software with a Zero Trust Mindset

By Shinesa Cambric, Microsoft. This article is part of a series showcasing learnings from the Secure Software Summit. With the increase of supply chain attacks on everything from logging software like ...
Secure Software Summit: The State of OSS Supply Chain Security

By Dan Lorenc, Chainguard. This article is part of a series showcasing learnings from the Secure Software Summit. The Open Source Software (OSS) Supply Chain is under attack. As ...
Secure Software Summit Series: Focus on Preventative Readiness

By Chetan Conikee. This article is part of a series showcasing learnings from the Secure Software Summit. The connected world economy and the COVID-19 pandemic forced companies to accelerate digital transformation. Sophisticated ...
Secure Software Summit Findings

Shifting Security Left is a Work In Progress. What are the biggest concerns on the minds of application security teams and developers? As part of the inaugural Secure Software Summit event, ShiftLeft polled conference participants on ...
Angular + React: Vulnerability Cheatsheet

The most common vulnerabilities to look out for in Angular and React applications: template injection, XSSI, authentication bypass, and more. Securing applications is not the easiest thing to do. An ...
Announcing the AppSec Ambassador Program

Passionate about securing software? Become an AppSec Ambassador! Interested in helping developers write secure code from the start? ShiftLeft has launched a program to support you in the mission ...