CI Fuzz - Monthly Coffee Hour
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
April 2023
Code Intelligence Finds Vulnerability in MySQL JDBC Driver - CVE-2023-21971
Affected applications are at a higher risk of severe availability issues.
New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access
We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz.
How to Run a SAST test: The Dev Tutorial
If you prioritize long-term security and success, you should be analyzing your applications from the inside out. Enter Static Application Security Testing (SAST), a proactive method of identifying and addressing security vulnerabilities in an application’s source code before deployment.
CI DevSecOps Series - Level Up Your Tests
Building secure and reliable APIs is an essential and challenging endeavor. Traditional API testing approaches perform blackbox testing and test the application through the network. This is both slow and lacks deep insights into how the tested application handles API requests. Also, it happens late in the software development lifecycle as it requires a complete application deployment.
Code Intelligence Uncovers Another Expression Denial of Service Vulnerability in Spring - CVE-2023-20863
Affected applications are at a higher risk of severe availability issues.
Another Expression DoS Vulnerability Found in Spring - CVE-2023-20863
Just recently, our open-source fuzzing engine Jazzer found an Expression DoS vulnerability in Spring (CVE-2023-20861). Now, three weeks later, Jazzer found another similar Expression DoS in the Spring framework, labeled CVE-2023-20863. This new finding has an even higher CVSS score of 7.5 (high), compared to the previous finding which came in at 5.3 (medium).
Developer-centric DAST with Bright Security
Security testing is increasingly viewed as an essential part of the software development lifecycle (SDLC). Traditionally, agile software development has focused on development velocity, rapid market feedback, and delivering high quality products and services. However, software that's vulnerable to cyber attacks is not valuable to end users and creates huge risks for both customers and software vendors. This makes it critical to integrate security testing into the software development process.
CI Fuzz - Monthly Coffee Hour
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
Integrating Fuzzing Into Automotive Security
Fuzz testing is a popular testing approach used to find bugs in C/C++ and embedded software, particularly memory corruptions. It has proven effective for identifying obscure bugs that are difficult to find through other testing methods. This testing approach is increasingly being adopted by automotive companies to comply with new security standards, save time, mitigate costs, and improve software quality. Let's have a look at how fuzzing is helping all of these automotive companies.
Polaris: Your no-compromise SaaS AST solution
Polaris Software Integrity Platform® – a SaaS application security testing solution delivering speed without compromise. Faster, faster, faster. The pressure is on to do business faster, to develop faster, and to secure all of this with faster and faster AppSec. Businesses want to release products, services, and apps to their customers on shorter and shorter release cycles.