
19 matches found

CISA
added 2025/06/24 12:0 p.m., 5 views

New Guidance Released for Reducing Memory-Related Vulnerabilities

Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development. Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages MS...

7.6 AI score
Exploits: 0, References: 4
Wiz blog
added 2024/12/09 12:0 p.m., 9 views

Authorized Agility: Wiz adds Code Security in the FedRAMP offering (Wiz for Gov)

Wiz is excited to announce the addition of Wiz Code into our Wiz for Gov offering, enabling organizations to visualize attack paths from cloud-to-code and bring guardrails into the software development lifecycle...

7.4 AI score
Exploits: 0
The Hacker News
added 2024/12/02 2:11 p.m., 6 views

A Guide to Securing AI App Development: Join This Cybersecurity Webinar

Artificial Intelligence (AI) is no longer a far-off dream—it's here, changing the way we live. From ordering coffee to diagnosing diseases, it's everywhere. But while you're creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is an opportunity—and a...

7.3 AI score
Exploits: 0
The Hacker News
added 2023/07/27 11:25 a.m., 31 views

The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left

As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often...

7.1 AI score
Exploits: 0
Malwarebytes
added 2023/05/31 11:45 p.m., 25 views

Financial services company OneMain fined $4.25 million for security lapses

A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...

6.6 AI score
Exploits: 0
MSRC
added 2023/04/11 7:0 a.m., 23 views

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Summary: Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar wi...

6.7 AI score
Exploits: 0
MSRC
added 2023/04/11 7:0 a.m., 9 views

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Summary: Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with vario...

7.3 AI score
Exploits: 0
The Coalfire Blog
added 2022/09/19 6:22 p.m., 11 views

Software supply chain security is coming of age

Coalfire's first Securealities Software Supply Chain Risk Report revealed dramatic budget increases for enterprise security in general and a growing demand for more testing, training, and process improvements in the battle to defend digital assets. But perhaps the most significant takeaway from th...

0.8 AI score
Exploits: 0
Rapid7 Blog
added 2022/08/01 1:58 p.m., 22 views

Shift Left: Secure Your Innovation Pipeline

There’s no shortage of buzzwords in the tech world. Some are purely marketing spin. But others are colloquial ways for the industry to talk about complex topics that have a massive impact on how organizations and teams drive innovation and work more efficiently. Here at Rapid7, we believe the...

Exploits: 0
Microsoft Secure
added 2021/03/29 4:0 p.m., 29 views

How to build a successful application security program

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

7 AI score
Exploits: 0
Microsoft Malware Protection
added 2021/03/29 4:0 p.m., 35 views

How to build a successful application security program

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

7 AI score
Exploits: 0
CNVD
added 2021/03/05 12:0 a.m., 12 views

Micro Focus Solutions Business Manager Cross-Site Scripting Vulnerability (CNVD-2021-18312)

Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A cross-site...

4.9 CVSS, 6.1 AI score, 0.00305 EPSS
Exploits: 0, References: 1
ThreatPost
added 2020/04/30 7:28 p.m., 41 views

Building for Billions: Addressing Security Concerns for Platforms at Scale

Security operations once consisted of a multitude of manual operations based around alerts, thresholds and severity levels. As systems scale and platforms continue to grow, how do you keep up with the growing requirements to secure these transactions and the networks they are built upon?...

6.9 AI score
Exploits: 0, References: 3
ThreatPost
added 2015/04/01 3:0 p.m., 10 views

Students Built Open Source Web-Based Threat Modeling Tool

Threat models help application developers answer some fundamental questions about potential risks and how to cut off vulnerabilities before they’re put into production. Some software development lifecycles, however, don’t include threat modeling as part of the code-building process because they’v...

0.1 AI score
Exploits: 0, References: 3
ThreatPost
added 2015/02/16 1:59 p.m., 42 views

Lessons Learned in Building a Vulnerability Coordination Program

CANCUN – Bounty programs are mislabeled creatures, too often pigeonholed as a payoff for finding individual vulnerabilities in software. Wrong. “The name bug bounty is actually a false categorization of what is truly just an incentive program,” said Katie Moussouris, chief policy officer at...

9.3 CVSS, 8.9 AI score, 0.99945 EPSS
Exploits: 33
ThreatPost
added 2012/09/20 3:19 p.m., 12 views

Disconnect Between Application Development and Security Getting Wider

There is a widening gulf between application developers and security decision makers inside the enterprise, and it’s starting to cost companies serious money. Sure there’s been lots of talk about the need for better static and dynamic web application testing tools and the need for a formalized...

8.1 AI score
Exploits: 0, References: 3
ThreatPost
added 2011/09/13 11:0 a.m., 8 views

The Past, Present and Future of Software Security

Perhaps no segment of the security industry has evolved more in the last decade than the discipline of software security. At the start of the 2000s, software security was a small, arcane field that often was confused with security software. But several things happened in the early part of the...

Exploits: 0
exploitpack
added 2010/10/02 12:0 a.m., 40 views

SmarterMail 7.2.3925 - LDAP Injection

SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...

5 CVSS, 0.03134 EPSS
Exploits: 13
securityvulns
added 2008/12/15 12:0 a.m., 129 views

Multiple XSS Vulnerabilities in World Recipe 2.11

Armorize Technologies Security Advisory Armorize-ADV-2008-0001 Title: Multiple XSS Vulnerabilities in World Recipe 2.11 Date: 2008/12/15 Status: Full Class: Input Validation Error Bugtraq ID: N/A Category: Cross Site Scripting Language: ASP.NET C Description Armorize-ADV-2008-0001 discloses...

0.3 AI score
Exploits: 0