Topic: vulnerabilities

How clean code can help prevent headline-grabbing vulnerabilities

While errors and bugs in coding technology may not always be harmful, many of them can be exploited by bad actors and result in vulnerabilities. Bad actors can leverage vulnerabilities to get the software to act in unexpected ways, potentially impacting the performance and security of the software. This could also give untrustworthy agents access to … continue reading

Veracode launches scanning tool to find API vulnerabilities

Veracode launched an advanced scanning tool that enables organizations to find and fix vulnerabilities in APIs. The new capability leverages Veracode’s Dynamic Analysis (DAST) scanning engine to provide comprehensive security insights and remediation guidance for APIs. “The explosion of APIs means that application development is becoming more fragmented and decentralized in nature, so the attack … continue reading


How hackers poison your code

Hackers are always looking for new ways to compromise applications. As languages, tools and architectures evolve, so do application exploits. And the latest target is developers. Traditionally, software supply chain exploits, such as the Struts incident at Equifax, depended on an organization’s failure to patch a known vulnerability. More recently, supply chain attacks have taken … continue reading

Android Partner Vulnerability Initiative launched to help manage security issues

The Android Partner Vulnerability Initiative (APVI) was launched to help developers manage security issues specific to Android OEMs. “The APVI is designed to drive remediation and provide transparency to users about issues we have discovered at Google that affect device models shipped by Android partners,” the Android team wrote in a blog post. The … continue reading

HackerOne: The top 10 security vulnerabilities

Companies are paying the highest amount of bounties to fix cross-site scripting (XSS), improper authentication and information disclosure vulnerabilities. Meanwhile, some cloud-based vulnerabilities such as server-side request forgery (SSRF), in which an attacker can abuse functionality on the server to read or update internal resources, are seeing an uptick in bounties. This is according to … continue reading

CA Technologies acquires SourceClear for its DevSecOps portfolio

CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability … continue reading

SD Times news digest: Netflix bug bounty program, InfluxData’s Apache Arrow support, and GitHub’s security alerts

Netflix is launching a public bug bounty program in order to improve the security of their solutions as well as strengthen their relationship with the security community. The program will be available through Bugcrowd. “Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to … continue reading

Synopsys acquires Black Duck Software

Synopsys officially announced the acquisition of Black Duck Software this week. The companies first entered into an agreement that would enable Synopsys to acquire Black Duck early last month. According to Synopsys, the acquisition of Black Duck will help provide its customers with visibility into open source software. Black Duck provides automated solutions that detect … continue reading

Report: The top 8 emerging technology domains, and their threats

With great technology come great risks. As new technologies continue to emerge in this digital day and age, Carnegie Mellon University’s Software Engineering Institute (SEI) is taking a deeper look at the impact they will have. The institute has released its 2017 Emerging Technology Domains Risk report detailing future threats and vulnerabilities. “To support the … continue reading

Researchers: SAP Point-of-Sale systems vulnerable to attack

There are many ways hackers can exploit vulnerabilities to get the information they want. Flaws in Point-of-Sale (PoS) systems are on this list, and ERPScan researchers recently found that PoS software distributed by German vendor SAP is missing crucial checks that leave it vulnerable to unauthorized access and modification. A video demonstration by the research team shows a … continue reading


Bugcrowd’s secret $250K bug bounty, Kony AppPlatform V8, and Git v2.14 — SD Times news digest: August 8, 2017

Bugcrowd is launching a bug bounty program for a secret customer, and the reward is the highest payout on the market today, in line with Microsoft’s recently increased max bug bounty payout of $250,000. The payout for this secret customer is $250,000, and according to the CEO of Bugcrowd, Casey Ellis, “High rewards like this … continue reading

Have I been Pwned? PyTorch v0.2.0, and new vulnerability data from Netsparker — SD Times news digest: August 7, 2017

Troy Hunt, a Microsoft regional director and security guru, released 320 million freely downloadable “Pwned Passwords” to shed light on how many real-world passwords have been exposed in data breaches. The service was created after NIST released guidance recommending that user-provided passwords be checked against existing data breaches. “My hope is that an easily accessible … continue reading
