In an effort to reduce the number of vulnerabilities in Android apps, Google is introducing the Android Application Security Knowledge Base (AAKB). The AAKB includes a database of common code issues, complete with examples on how to remediate them and explanations on how to implement specific code patterns. Google already scans Android apps for …
The latest edition of the OWASP Top 10 showed that all of the highest-priority vulnerabilities since 2017 have shifted and new ones have been introduced. Broken Access Control has dethroned Injection as the top vulnerability, whereas it previously held fifth place. The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences …
As employees transitioned to working from home, this created new vulnerabilities in systems designed for a centralized, in-office workforce and also resulted in a spike in cybercriminal activity. This is according to the new 2021 Network Security Report conducted by the cybersecurity and managed security services provider Trustwave, which is based on scans of millions …
Google launched Open Source Vulnerabilities (OSV) this week to provide users with precise data on where a vulnerability was introduced, where it got fixed, and to help users know if they’ve been impacted. According to Google, OSV solves issues surrounding open-source security using automation in two key ways: improving the accuracy of vulnerability queries and …
WhiteSource announced new vulnerability-based alerts designed to speed up and simplify the vulnerability management process. It will provide developers with flexibility when managing alerts as well as provide a more granular view of the issues, according to the company. “The number of known security vulnerabilities has been rising exponentially over the past few years, and …
DeepCode has revealed the most important bugs as well as the top security vulnerabilities. The analysis comes from the company’s AI-powered code review tool, which analyzed hundreds of thousands of open-source projects to narrow down the vulnerabilities that happen with the most frequency. According to the analysis, file I/O corruptions are the biggest general issue …
VMware announced that it completed the acquisition of Pivotal Software, a cloud-native platform provider. “We believe that modern application development solutions and practices need to be easily accessible to everyday enterprises across the globe. With Pivotal’s developer capabilities as the foundation, we’ll focus on delivering consumable, enterprise-ready cloud native offerings to customers to help them …
The JavaScript package manager provider npm has found a security vulnerability that can open access to arbitrary files on a user’s system. According to the company, npm versions prior to 6.13.4 made it possible for a globally-installed package to overwrite an existing binary in the target location. Npm is recommending an update to npm …
Google is taking reCAPTCHA one step further by making it invisible. Now, human users will be let through without seeing the “I’m not a robot” checkbox, and bot and suspicious users will have to solve challenges that use Google’s risk analysis algorithms. The advantage of reCAPTCHA is its enhanced security, according to Google. It’s a …
The adoption of DevOps is transforming how companies deliver software, but this shift toward agility and Continuous Delivery is exposing some gaps that persist in application security. A majority of security teams and developers agree that adopting DevOps into their culture can improve application security, but only a small portion of them actually do application …
Veracode today released its findings from its annual State of Software Security Report, which revealed that the persistent use of components in software development is creating unmanaged risk. The report also found that companies can benefit if they accelerate their application security programs. Veracode found that a single popular component with a critical vulnerability spread …