Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

veracode

Are You Targeting These Risky Red Zone Vulnerabilities?

Apr 23, 2021 By Meaghan McBee In Veracode

Modern software development is full of security risk. Factors like lingering security debt, insecure open source libraries, and irregular scanning cadences can all impact how many flaws dawdle in your code, leading to higher rates of dangerous bugs in susceptible and popular languages.

Read Post

How to prevent OWASP API Top 10 security vulnerabilities? API attack prevention

Apr 22, 2021 By Cyphere In Cyphere
Broken object level authorization Broken user authentication Excessive data exposure Lack of resources and rate limiting Broken function level authorization Mass assignment Security misconfiguration Injection Improper assets management Insufficient logging and monitoring Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.
View Video

Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem

Apr 22, 2021 By Snyk In Snyk
In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. In less than four minutes, you’ll learn how to use the readOnlyRootFilesystem control to keep your containers immutable and safe from modification by hackers and misbehaving code. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
View Video
nightfall

How to Future Proof Your System Against a Zero Day Exploit

Apr 22, 2021 By Nightfall In Nightfall

Earlier this year, Kaspersky researchers discovered a zero day exploit hidden in Desktop Windows Manager. The exploit, designated as CVE-2021-28310, is known as an escalation of privilege (EoP) exploit, which allows attackers to gain access or a higher-level user permission to systems and platforms than an administrator would permit. Though patches have since been released, it’s not yet known how extensive the damage from this zero day exploit is yet.

Read Post
splunk

Streamlining Vulnerability Management with Splunk Phantom

Apr 22, 2021 By Kelly Huang In Splunk

Vulnerabilities are weaknesses in the security infrastructure that bad actors can exploit to gain unauthorized access to a private network. It is nearly impossible for security analysts to patch 100% of the vulnerabilities identified on any given day, but a vulnerability management plan can ensure that the highest risk vulnerabilities (those that are most likely to cause a data breach), will be addressed immediately.

Read Post
appknox

The Ultimate Guide To OWASP Security Checks for Web and Mobile Apps

Apr 22, 2021 By Appknox
When you are looking for genuine, inexpensive unbiased information to make your application secure, there is no better source to go to than OWASP. OWASP gives you guidelines to the industry's top threats and security best practices that help ensure your applications are secured. Take a look at this FREE OWASP Guide that covers vulnerabilities from both web and mobile to give you a comprehensive overview of your application's security status.
Get EBook
upguard

Urgent: 5 CVEs being exploited right now by SVR

Apr 20, 2021 By Edward Kost In UpGuard

The mastermind that orchestrated the SolarWinds attack may finally have a name. On Thursday, April 15th, the White House officially announced that the Russian Foreign Intelligence Service (SVR) - also known as APT 29, Cozy Bear, and The Dukes - was responsible for the campaign that exploited the SolarWinds Orion platform. But the attacks are not over yet. A joint advisory from the U.S.

Read Post
Featured Post
outpost 24

4 ways Security and DevOps can collaborate to reduce application vulnerabilities

Apr 19, 2021 By Simon Roe In Outpost 24
Today's organisations are operating in a digital landscape filled with complexities and vulnerabilities. Increasingly, the applications and technologies businesses use to facilitate crucial business operations and connect people are at the mercy of cybercriminals - who are eager to attack from the shadows exploiting and stealing sensitive information held within these everyday applications. As such, security and DevOps teams need a collaborative approach to address and triage application vulnerabilities that continually present themselves - despite each team having different overall objectives.
Read Post
Snyk

Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

Apr 19, 2021 By Utsav Sanghani In Snyk

The Code Dx team is pleased to announce the general availability (GA) of Code Dx 5.3, which notably features an integration with Snyk to help customers integrate open source and container security into their continuous development processes. As we move toward a cloud native world, we’re working to ensure that developer-first tooling, secure cloud infrastructure, container security, and open source tools are fully integrated into Code Dx 5.3.

Read Post
Subscribe to Vulnerability

Copyright © 2024 OpsMatters™. All rights reserved.