Cyber Security Informer

Why so many companies still find moving to DevSecOps hard

SC Magazine

MARCH 1, 2021

Today’s columnist, Matias Madou of Secure Code Warrior, offers advice on how to bring the App Sec and DevOps teams together to create a collaborative DevSecOps approach. Security pros face great challenges in managing all the products and tools they use to handle the cyber risks they face.

Energy and Utilities

Energy and Utilities Marketing Firewall Risk

Developers knowingly push flawed code, doubt build environments are secure

SC Magazine

MAY 14, 2021

New research found that most development teams, 81%, had knowingly pushed flawed code live.(Photo Overwhelmed and resource-starved app developers are approving vulnerable code and pushing it into live applications in alarming numbers, according to a new research report. Photo by Justin Sullivan/Getty Images).

Software

Software Manufacturing Risk Media

When AIs Start Hacking

Schneier on Security

APRIL 26, 2021

As I lay out in a report I just published , artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. We never describe all the options, or include all the applicable caveats, exceptions, and provisos.

Hacking

Hacking Artificial Intelligence Government Engineering

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

Security Boulevard

MARCH 24, 2022

Identity credentials and source code are critical assets that can create major risks for your organization when exposed by breaches of third-party cloud service companies that provide identity management and software composition analysis. Breaches happen, even to companies like Okta that put a priority on security.

Risk

Risk Software Engineering Passwords

Why “Complete Coverage” SAST Tools Fall Short for Developers

ForAllSecure

DECEMBER 8, 2022

Nearly every development team uses Static Application Security Testing (SAST) to identify issues in their applications. This type of scanning helps flag vulnerabilities for developers to fix. But using SAST alone can cause significant frustration for developers and fall short for security for two fundamental reasons.

Software

Software Risk

Where Exactly Are Code Signing Machine Identities Used?

Security Boulevard

APRIL 13, 2022

Where Exactly Are Code Signing Machine Identities Used? Securing software shipped externally . Signing software before shipping is important because it’s how customers know they can trust the software when they download it from the internet and install. Securing internal software infrastructure .

Software

Software Firmware IoT Internet

Linux Kernel Security Done Right

Google Security

AUGUST 3, 2021

Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway, you're not sprayed in the face with oil and gasoline, and you quickly get where you want to go.

Engineering

Engineering Surveillance Software Risk

Device manufacturers need to rethink how to lock down IoT

SC Magazine

MAY 27, 2021

Today’s columnist, Matt Wyckhouse of Finite State, says to lock down IoT devices, manufacturers have to build security in from the start. Yet security spending doesn’t match the tremendous impact of these devices. Yet security spending doesn’t match the tremendous impact of these devices. Threat actors have noticed.

Manufacturing

Manufacturing IoT Firmware Software

Getting Devs To Go Along With Your DevSecOps New Year’s Resolution

Security Boulevard

JANUARY 4, 2022

This is doubly true if you are an AppSec manager looking to finally “shift security left.”. As an AppSec professional, you are already between two teams: the security team you report to, and the development team you need to collaborate with. One way to approach this complex change is to focus on a central subject like security debt.

Software

Software Engineering Accountability Risk

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

eSecurity Planet

APRIL 7, 2023

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. For now, Kali is primarily known for its roughly 600 open source pentesting tools, allowing pentesters to easily install a full range of offensive security tools.

Penetration Testing

Penetration Testing Social Engineering Energy and Utilities Hacking

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. Until a fully password-free environment is deployed, accepted, and adopted by all users, less secure methods of authentication will still be relied on.

Authentication

Authentication Passwords Data breaches Phishing

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. In theory, the ability to analyze source code and infer potential defects using SAST in the build process seems like a real step forward in improving the quality of software. Why is this important? Six Problems.

Software

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

ForAllSecure

APRIL 3, 2019

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures.

Technology

Technology Software Marketing CISO

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. In theory, the ability to analyze source code and infer potential defects using SAST in the build process seems like a real step forward in improving the quality of software. Why is this important? Six Problems.

Software

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. In theory, the ability to analyze source code and infer potential defects using SAST in the build process seems like a real step forward in improving the quality of software. Why is this important?

Software

How to Prevent Malware as a Small Business

SiteLock

AUGUST 27, 2021

The first real instance of malware occurred in the early 1970s — when BBN Technologies engineer Bob Thomas wrote the code behind the so-called “ Creeper worm.” Malvertising is a case where cybercriminals take advantage of legitimate advertising networks to enable the spread of malicious code. What is malware? Website Defacements.

Small Business

Small Business Malware Data breaches Insurance

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? We also talk about what’s driving the adoption of AI and machine learning technologies in the information security field.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

ForAllSecure

APRIL 3, 2019

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures.

Technology

Technology Software Marketing CISO

A REFLECTION ON FORALLSECURE'S JOURNEY IN BOOTSTRAPPING BEHAVIOR TESTING TECHNOLOGY

ForAllSecure

APRIL 3, 2019

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures.

Technology

Technology Software Marketing CISO

Securing work-at-home apps

Errata Security

MAY 19, 2020

In today's post, I answer the following question: Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers? Your product has security bugs, known as vulnerabilities.

Engineering

Engineering VPN Encryption Marketing

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? We also talk about what’s driving the adoption of AI and machine learning technologies in the information security field.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? We also talk about what’s driving the adoption of AI and machine learning technologies in the information security field.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

vsftpd-3.0.0 and seccomp filter sandboxing is here!

Scary Beasts Security

APRIL 9, 2012

Why all the excitement? In other words, it's designed to be used as a security technology whereas ptrace() is not. Application-defined. An unprivileged application can install a filter. For example, a future Chromium will likely ship without the need for a "setuid helper". Defense against glibc vulnerabilities.

Technology

Penetration Testing: What is it?

NetSpi Executives

APRIL 27, 2024

How penetration testing is done How to choose a penetration testing company How NetSPI can help Penetration testing enables IT security teams to demonstrate and improve security in networks, applications, the cloud, hosts, and physical locations. Table of Contents What is penetration testing? What is penetration testing?

Penetration Testing

Penetration Testing Social Engineering Software Wireless

The Hacker Mind Podcast: The Hacker Revolution Will Be Televised

ForAllSecure

FEBRUARY 22, 2023

Last year at Hacker Summer Camp I was invited to Mikko Hypponen’s book launch for If it’s Smart, It’s vulnerable. What if DEF CON CTFs were televised? What if you could see their screens and have interviews with the players in the moment? Jordan Wiens, from Vector 35 , maker of Binary Ninja, is no stranger to CTFs.

Engineering

Engineering Hacking Wireless Marketing

A look at Chrome’s security review culture

Google Security

JULY 20, 2023

Posted by Alex Gough, Chrome Security Team Security reviewers must develop the confidence and skills to make fast, difficult decisions. This post shares advice we give to people doing security reviews for Chrome. This post shares advice we give to people doing security reviews for Chrome.

Engineering

Engineering Architecture Risk Education

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords

Passwords Authentication Mobile Password Management

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences. Don’t believe me?

Hacking

Hacking Energy and Utilities Manufacturing Firmware

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Shortly after OpenSSL’s Heartbleed, Shellshock was discovered lurking in Bash code two-decades old. How could open source software be vulnerable for so long? Years ago, I was the lead security software reviewer at ZDNet and then at CNET. The password protected password file clearly was not secure.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Shortly after OpenSSL’s Heartbleed, Shellshock was discovered lurking in Bash code two-decades old. How could open source software be vulnerable for so long? Years ago, I was the lead security software reviewer at ZDNet and then at CNET. The password protected password file clearly was not secure.

Software

Software Passwords Internet Internet

Veracode and Finite State Partner to Address Connected Device Security

Veracode Security

MAY 24, 2021

Veracode has long been a leader in application security, offering static analysis, software composition analysis, and dynamic analysis, and has now entered into a partnership with Finite State , an expert in connected device security, to help our customers fully address their product security needs.????????

Manufacturing

Manufacturing Risk Firmware Architecture

What is a false positive and why is having a few around a good sign?

Security Boulevard

AUGUST 18, 2021

Why false positives in security tools could be a positive, and why you should not go after the lowest false positive rates possible. “We We want a security tool with low false positives. Now, let’s return to application security and software engineering. Our developers are too busy.”.

Engineering

Engineering Software Risk Education

Open Source Security Podcast EP. 151 - The DARPA Cyber Grand Challenge With David Brumley

ForAllSecure

AUGUST 12, 2019

Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. Why don't you say hello, David?

Technology

Technology Software Marketing Hacking

FuzzCon TV Tackles Federal Fuzz Testing

ForAllSecure

JULY 15, 2020

Guests include Jonathan Butts, Founder at QED Secure Solutions ; Joe Jarzombek, Director for Government, Aerospace & Defense Programs at Synopsys ; and Zach Walker, DIU Texas Lead at Defense Innovation Unit. . “Typically when we think of fuzzing or sending inputs in software, we tend to think at the application layer.

Government

Government Software IoT

FuzzCon TV Tackles Federal Fuzz Testing

ForAllSecure

JULY 15, 2020

Guests include Jonathan Butts, Founder at QED Secure Solutions ; Joe Jarzombek, Director for Government, Aerospace & Defense Programs at Synopsys ; and Zach Walker, DIU Texas Lead at Defense Innovation Unit. . “Typically when we think of fuzzing or sending inputs in software, we tend to think at the application layer.

Government

Government Software IoT

FuzzCon TV Tackles Federal Fuzz Testing

ForAllSecure

JULY 15, 2020

Guests include Jonathan Butts, Founder at QED Secure Solutions ; Joe Jarzombek, Director for Government, Aerospace & Defense Programs at Synopsys ; and Zach Walker, DIU Texas Lead at Defense Innovation Unit. . “Typically when we think of fuzzing or sending inputs in software, we tend to think at the application layer.

Government

Government Software IoT

[0day] [exploit] Compromising a Linux desktop using. 6502 processor opcodes on the NES?!

Scary Beasts Security

NOVEMBER 14, 2016

Overview A vulnerability and a separate logic error exist in the gstreamer 0.10.x We’ll cover why below. If you take all the updates, you’ll get a new glibc, which changes some code offsets and the exploit will crash. The vulnerability is in libgstnsf.so , an audio decoder present in the gstreamer-0.10 distribution.

Banking

Banking Media Risk Engineering

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the infosec landscape better. that uses both Star Wars and STRIDE to help engineers under vulnerabilities and threats in software development. And why should he? He’s the author of the acclaimed Threat Modeling: Designing for Security.

Engineering

Engineering Technology Authentication InfoSec

Open Source Security Podcast EP. 151 - The DARPA Cyber Grand Challenge With David Brumley

ForAllSecure

AUGUST 12, 2019

Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. Why don't you say hello, David?

Technology

Technology Software Marketing Hacking

OPEN SOURCE SECURITY PODCAST EP. 151-- THE DARPA CYBER GRAND CHALLENGE WITH DAVID BRUMLEY

ForAllSecure

AUGUST 12, 2019

Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. Why don't you say hello, David?

Technology

Technology Software Marketing Hacking

The Hacker Mind Podcast: Hacking Biology

ForAllSecure

JUNE 30, 2021

There are a lot of parallels between computer security and biology. Welcome to the hacker mind and original podcast from Brawl secure, it's about challenging our expectations about the people who hack for a living. If you think you already understand hacking systems, then I’ve got a story for you. Did I just say biology.

Hacking

Hacking Engineering Information Security Artificial Intelligence

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

AUGUST 27, 2020

To give the idea with a non-code example: If we compare fuzzing to playing the classic game “Battleship,” a “dumb” fuzzer is like calling shots without knowing if our previous shots were “hits” or “misses” Its strategy is just to shoot around blindly. Details of the JQ UAF in f_multiply().

Technology

Technology Software

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

AUGUST 25, 2020

To give the idea with a non-code example: If we compare fuzzing to playing the classic game “Battleship,” a “dumb” fuzzer is like calling shots without knowing if our previous shots were “hits” or “misses” Its strategy is just to shoot around blindly. Details of the JQ UAF in f_multiply().

Software

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

AUGUST 25, 2020

To give the idea with a non-code example: If we compare fuzzing to playing the classic game “Battleship,” a “dumb” fuzzer is like calling shots without knowing if our previous shots were “hits” or “misses” Its strategy is just to shoot around blindly. Details of the JQ UAF in f_multiply().

Software

Why so many companies still find moving to DevSecOps hard

Developers knowingly push flawed code, doubt build environments are secure

Webinars

Trending Sources

When AIs Start Hacking

Webinars

Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

Why “Complete Coverage” SAST Tools Fall Short for Developers

Where Exactly Are Code Signing Machine Identities Used?

Linux Kernel Security Done Right

Device manufacturers need to rethink how to lock down IoT

Getting Devs To Go Along With Your DevSecOps New Year’s Resolution

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

3 Steps to Prevent a Case of Compromised Credentials

Challenging ROI Myths Of Static Application Security Testing (SAST)

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

Challenging ROI Myths Of Static Application Security Testing (SAST)

Challenging ROI Myths Of Static Application Security Testing (SAST)

How to Prevent Malware as a Small Business

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

A REFLECTION ON FORALLSECURE'S JOURNEY IN BOOTSTRAPPING BEHAVIOR TESTING TECHNOLOGY

Securing work-at-home apps

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

vsftpd-3.0.0 and seccomp filter sandboxing is here!

Penetration Testing: What is it?

The Hacker Mind Podcast: The Hacker Revolution Will Be Televised

A look at Chrome’s security review culture

The Hacker Mind Podcast: Going Passwordless

The Hacker Mind Podcast: Hacking Industrial Control Systems

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Veracode and Finite State Partner to Address Connected Device Security

What is a false positive and why is having a few around a good sign?

Open Source Security Podcast EP. 151 - The DARPA Cyber Grand Challenge With David Brumley

FuzzCon TV Tackles Federal Fuzz Testing

FuzzCon TV Tackles Federal Fuzz Testing

FuzzCon TV Tackles Federal Fuzz Testing

[0day] [exploit] Compromising a Linux desktop using. 6502 processor opcodes on the NES?!

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

Open Source Security Podcast EP. 151 - The DARPA Cyber Grand Challenge With David Brumley

OPEN SOURCE SECURITY PODCAST EP. 151-- THE DARPA CYBER GRAND CHALLENGE WITH DAVID BRUMLEY

The Hacker Mind Podcast: Hacking Biology

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

Stay Connected