8747 matches found
Gary McGraw on BSIMM7 and Secure Software Development
Mike Mimoso talks to Cigital CTO and software security pioneer Gary McGraw about the latest results pulled from the Building Security In Maturity Model (BSIMM). The framework measures the secure development activities of some of the world’s largest software companies and enterprises and can be used...
[SECURITY] Fedora 23 Update: python-django-1.8.15-1.fc23
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 24 Update: python-django-1.9.10-1.fc24
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 25 Update: python-django-1.9.10-1.fc25
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 25 Update: mojarra-2.2.13-1.fc25
JavaServer(TM) Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring...
[SECURITY] [DSA 3689-1] php5 security update
Debian Security Advisory DSA-3689-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2016 https://www.debian.org/security/faq -...
Pavian Systems CMS SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Pavian Systems CMS SQL injection Vulnerability Exploit Author : xBADGIRL21 Vendor Homepage : http://paviansystems.com/ Dork : All Rights Reserved. Design by paviansystems. Tested on: WINDOWS 7 MyBlog :...
Cloud, IoT Big Factors in Annual BSIMM 7 Report
Bad software equals insecure software, and companies don’t have to accept this status quo. That’s both the takeaway and goal of Cigital’s seventh annual Building Security in Maturity Model report released Tuesday. The report reveals that the cloud, application containers, and agile software...
One Click Symbolic Execution: Ponce
Ponce (pronounced [‘poN θe], pon-they) is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...
Moderate: Red Hat Security Advisory: rh-ror41-rubygem-actionview security update
An update for rh-ror41-rubygem-actionview is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Building an automated vulnerability detection platform for mobile apps - vulnerability warning - the black bar safety net
Preface: this article is the first in a series of original notes on mobile app client security. It mainly covers building an enterprise platform for automated mobile app vulnerability detection, the history and cutting-edge techniques of mobile app vulnerability detection, the APP...
[SECURITY] Fedora 23 Update: libgcrypt-1.6.6-1.fc23
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
Microsoft Adds .NET Core, ASP.NET to Bug Bounty Program
Microsoft is stepping up its bug hunting efforts surrounding its Visual Studio development suite, adding Microsoft .NET Core and ASP.NET Core to its Bug Bounty program. The bounties opened yesterday and will run “indefinitely,” according to Microsoft. The bounty program includes the Windows and...
So I lost my OpenBSD FDE password
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. We know things get interesting when I lose a password. I did a weak attempt at finding some public bruteforce tool, and found nothing...
[SECURITY] Fedora 25 Update: libgcrypt-1.6.6-1.fc25
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
l0l - The Exploit Development Kit
l0l is an exploit development kit with C++ language scripting. It is still being developed; the beta version will be published afterwards. Status: Shellcodes: 5, Injectors: 0, Encoders: 0, Backdoors: 6. Install - Requirements: g++ and Python. $ make or compile the file l0l.cpp. Exp: $ g++ -o l0l l0l.cpp Ru...
java security update
CentOS Errata and Security Advisory CESA-2016:1776 An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Happy Birthday! LINUX Turns 25 Years Old Today
Linux has turned 25! Dear all, today is August 25, 2016, and it is time for the celebration, as it's the 25th Anniversary of the Linux project, announced by its creator, Finnish programmer Linus Torvalds, on August 25, 1991. Who can forget one of the most famous messages in the computing world...
[SECURITY] Fedora 24 Update: libgcrypt-1.6.6-1.fc24
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
Eclipse Development Framework File Inclusion Vulnerability
Eclipse is an extensible Java-based development platform that supports the development of JAVA, PHP, C++ and other languages. The Eclipse development framework has a file inclusion vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information or launch further...