Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

My New Year's Resolution As A Java Dev | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
Join me on a journey to improve Java development skills and learn about a new software testing approach called fuzz testing. In this series, I'll share my experiences using fuzz testing tools like CI Fuzz, OWASP Zap, OSS-Fuzz, and Jazzer to hunt for bugs and vulnerabilities in Java software. I'll also delve into the world of CVE hunting and best practices for uncovering common web vulnerabilities like Denial of Service and Remote Code Execution. Subscribe to stay updated on new episodes and get access to helpful links, tools, and blog posts. Let's improve our Java skills together!
View Video

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.
View Video

How to Find Bugs In Java at Scale With CI Fuzz CLI and JUnit | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
In this video, I demonstrate how to use CI Fuzz CLI, a simple and easy-to-use fuzz testing tool, to find unexpected bugs and vulnerabilities in Java software. I walk through the process of setting up and running a fuzz test, including creating a configuration file, adding dependencies to a Maven project, and writing JUnit-compatible fuzz tests. If you're interested in learning more about fuzz testing as a complementary approach to unit testing, this video is for you.
View Video
stripe olt

The importance of back up and DR

Dec 22, 2022 By Stripe OLT In Stripe OLT

Where would your business be without its data? As the building blocks of any organisation, data is unquestionably integral. Hence why making sure it’s backed up properly should be an essential part of any company’s business continuity plan. At Stripe OLT, we often talk about the loss of data from a cyber-security perspective, however it’s also important to recognise that data loss is also caused by hardware failure and human error.

Read Post
Trustwave

Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT

Dec 21, 2022 By Trustwave In Trustwave

After Microsoft announced this year that macros from the Internet will be blocked by default in Office, many threat actors have switched to different file types such as Windows Shortcut (LNK), ISO or ZIP files, to distribute their malware. Nevertheless, Office documents are still actively leveraged in many campaigns and pose a large risk to organizations, especially with threat actors continuously finding new ways to avoid detection.

Read Post
alienvault

Top bug bounty platforms for organizations to improve security

Dec 21, 2022 By Danyal Zafar In AT&T Cybersecurity

As mentioned in Wikipedia: “A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities”. For instance, Company ‘A’ wants to audit/test it’s apps i.e., web & mobile apps for security vulnerabilities & bugs, it will have two options.

Read Post
CrowdStrike

10 Questions to Help You Choose the Right Log Management Solution

Dec 21, 2022 By Arfan Sharif In CrowdStrike

A good log management solution powers observability for security, engineering, IT and compliance teams. But with so many options available, how do you choose the right one? When evaluating potential log management solutions, start by asking these 10 questions to find the right balance of security, performance and value based on your requirements — and to reveal any limitations that could potentially hold you back.

Read Post
armo

CVE-2022-47633: Kyverno's container image signature verification can be bypassed by a malicious registry or proxy

Dec 21, 2022 By Ben Hirschberg In ARMO
Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container image signature verification mechanism. The vulnerability enables an attacker who is either running a malicious container image registry or is able to act as a proxy between the registry and Kyverno, to inject unsigned images into the protected cluster, bypassing the image verification policy. The vulnerability was introduced in version 1.8.3 and was fixed in version 1.8.5.
Read Post
kroll

Cyber Threat Intelligence Series: A Lens on the Healthcare Sector

Dec 21, 2022 By Kroll In Kroll

A review of recent Kroll incident response cases consistently proves that the healthcare industry is one of the most frequently targeted sectors. This observation mirrors what is experienced by national cybersecurity agencies as multiple warnings have been launched during 2022, highlighting how ransomware gangs and nation state actors are now aggressively targeting healthcare institutions.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.