
Latest Posts

Prioritizing open source vulnerabilities in software due diligence

Black Duck Security Advisories provide actionable advice and details about open source vulnerabilities to help you improve your remediation activities. A vulnerability is a software bug that hackers can exploit to attack an application. Ideally, software is written so as to proactively thwart the efforts of bad actors, but that is often not the case.

OWASP Top 10: Broken access control

Listed as #1 on the OWASP Top 10 list, broken access control occurs when an attacker can gain unauthorized access to restricted information or systems. Access control ensures that people can only reach the things they are supposed to have access to. When access control is broken, an attacker can obtain unauthorized access to information or systems, putting an organization at risk of a data breach or system compromise.

Finding hard-coded secrets before you suffer a breach

Your organization could be at risk if you’re not handling hard-coded secrets properly. The Synopsys AST portfolio has you covered at every stage of the SDLC.

By: Ksenia Peguero, Naveen Tiwari, Lijesh Krishnan, and DeWang Li

The most severe vulnerabilities in a system or application can be caused by an easily overlooked issue—for example, a leaked hard-coded secret can allow an attacker to steal data or compromise a system.

Cybersecurity Research Center Developer Series: The OWASP Top 10

In this new Cybersecurity Research Center series, we analyze the OWASP Top 10, which is a list of the most common vulnerabilities in web applications. In application security, the Open Web Application Security Project (OWASP) Top 10 list is a valuable resource for DevSecOps teams that oversee the development and security of web applications. The OWASP Top 10, updated every four years, lists the most common vulnerabilities in web apps based on a consensus among contributors from the OWASP community.

The top cyber security stories of 2022

A look in the rearview mirror can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. Yes, ‘tis the season when cyber security experts gaze into the crystal ball to tell us what to expect in the coming year, which is fine, but it’s also good to look back at a year that will be over next week, both for what happened and for what it might mean and what we can learn from it.

Automating web security testing within your DevOps pipelines

Seeker IAST helps organizations achieve continuous testing without creating friction in DevOps pipelines. In traditional security, developers run tests for code security and operators ensure that firewalls and other protections work in the production environment. Access control and other tasks are handled by security experts and managers. DevSecOps uses version control and CI/CD pipelines to configure and manage security tasks automatically, across all teams, before deployment.

SBOM: What's in your software ingredients list?

With an average of 500 components in an application, it’s difficult to know what’s in your software. The right security tools and expertise are here to help. A software Bill of Materials (SBOM) is an inventory of what makes up a software application: the “ingredients list” of everything in it. There’s pressure today for companies to make SBOM information available, and it has implications for who is liable when there are issues in the software.

Custom and variant licenses: What's in the fine print?

See examples of custom and variant licenses and how Black Duck Audits flag these licenses to help legal teams evaluate software risk. An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code.