Code Intelligence Uncovers Expression Denial of Service Vulnerability in Spring - CVE-2023-20861
Affected applications are at a higher risk of severe availability issues.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Expression DoS Vulnerability Found in Spring - CVE-2023-20861
As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.
CI Rewind - Historical Vulnerabilities in the Automotive Space
Join our CI Rewind and Learn how to Identify and Fix Common Bugs in Automotive Software In this replay of his talk at FuzzCon Europe - Automotive Edition 2022, CARIAD's Andreas Weichslgartner shows how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development. He revisits historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software.
Mend SAST Administration - User Interface Walkthrough
Mend SAST is a SAST (Static Application Security Testing) solution for performing deep and extensive security analysis of application source code. Mend SAST is easy to use, requires almost no user input, and can be deployed during or after development with easy integration into a DevOps environment and CI/CD pipeline. The solution provides an excellent way to automate code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. Mend SAST supports all major languages and their frameworks, from Android Java to Xamarin C#.
11 Tips for Unit Testing in Java
Unit testing is an important part of software development and is considered a crucial step in ensuring the quality and accuracy of the code. It helps in identifying bugs and issues early on in the development cycle, which ultimately results in delivering high-quality software. Java is renowned for being one of the most versatile languages in programming, and it offers a wide selection of unit testing frameworks and tools.
CI Rewind - Introduction to JavaScript Fuzzing
JavaScript is widely used in backend and frontend applications that rely on trust and good user experience, including e-commerce platforms, and consumer-apps. Fuzz testing helps secure these applications against bugs and vulnerabilities that cause downtime and other security issues, such as Crashes, Denial-of-Service (DoS) and Uncaught Exceptions. In this session, you will learn about.
SAST Tools: How to Integrate and Scale Security Workflows in the SDLC
Static Application Security Testing (SAST) tools present a significant opportunity for organizations looking to reduce application security risk. However, not all workflows or tools are created equal. Using the right SAST tools at the right times, you can seamlessly integrate and scale security workflows throughout the software development lifecycle (SDLC).
Fuzzing in Jest - One Unified Workflow for Functional and Security Testing
In this coding session, fuzzing expert Josh Grant will demo how the integration of Jazzer.js into Jest enables a unified workflow for functional and security testing in JavaScript. All with the familiar look and feel of a unit test.