Vulnerability scanning plays a crucial role in safeguarding applications and systems. By utilizing advanced software tools, it detects weaknesses or ‘vulnerabilities’ in computer systems that could be exploited by malicious individuals to compromise the system or steal valuable data.

In a new threat briefing report, Forescout Vedere Labs looks back at the most relevant cybersecurity events and data between January 1 and July 31, 2023 (2023H1) to emphasize the evolution of the threat landscape. The activities and data we saw during this period confirm trends we have been observing in our recent reports, including threats to unmanaged devices that are less often studied.

During a recent customer engagement, I came across an instance of a rather rare vulnerability class called HTTP request smuggling. Over the course of several grueling days of exploit development, I was eventually able to abuse this vulnerability to trigger a response queue desynchronization, allowing me to capture other users’ requests, leading to session hijacking.

Synopsys researcher discovers vulnerabilities CVE-2023-2453, CVE-2023-4480 in PHPFusion.

JavaScript runtimes help you build advanced, server-driven JavaScript projects that aren't dependent on the user's browser to run. There are several choices of runtimes available, with the supremacy of the old stalwart Node.js being challenged by Deno and Bun. Deno is the latest project produced by the same developer who originally created Node.js, Ryan Dahl, back in 2009.

Today, we are proud to announce the beta version of SocketSleuth, our new Burp Suite extension for performing security testing against WebSocket-based applications. SocketSleuth was created out of our security research group to aid in our security research against applications that leverage WebSockets for communication.

Topgolf Callaway is a powerful golf company that offers modern golfing entertainment, as well as selling golf equipment in most areas of the world. The organization maintains online and in-person stores in many different countries and sells to millions of customers annually. With so much customer data exchanging hands through this company and its many retailers, everyone involved is at risk because of a recent security vulnerability.

One of the most vital things to get right in application security is dependency management, and to achieve this, your suite of AppSec tools must be up to date. This means that your vulnerability scanning, detection, and remediation capabilities must be able to identify and address the newest and most exploited vulnerabilities. Do you know what these vulnerabilities are? Have you got them covered? With the help of some of the world’s leading cybersecurity authorities, you can be.

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.