Technology

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence

In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.

View Video

Code Intelligence

Read more about Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Microsoft Fined Euro60 Million Over Advertising Cookies

Dec 22, 2022 By Application Security Weekly In ImmuniWeb

Read also: Okta’s source code stolen after GitHub hack, Android apps are leaking API keys, and more.

Read Post

ImmuniWeb

Read more about Microsoft Fined Euro60 Million Over Advertising Cookies

Cloud security updates you need to know from re:Invent 2022

Dec 21, 2022 By Shilpi Bhattacharjee, Ashish Rajan In Snyk

After a two-year hiatus (virtual in 2020 and hybrid in 2021), AWS re:Invent was back in person this year in its full glory. Over 52,000 people attended — more than we saw at RSA (26,000) and Blackhat USA (21,000) combined this year.

Read Post

Snyk

Read more about Cloud security updates you need to know from re:Invent 2022

Sysdig Secure and Google Security Command center Integration - Why, What, How

Dec 21, 2022 By Durgesh Shukla In Sysdig

Sysdig is a premier Google Cloud Platform (GCP) partner and has been working with Google towards the common goal of supporting our customers and securing their cloud journey for the last seven years. Sysdig is focused on securing and monitoring workloads running on Google Cloud – including Google Kubernetes Engine (GKE), Autopilot, Anthos, and more. All these various elements of GCP can be protected using Google Security Command Center. Learn more about how to enhance your GCP security.

Read Post

Sysdig

Read more about Sysdig Secure and Google Security Command center Integration - Why, What, How

Arctic Wolf Labs Named Open-Source Tool Creator of the Year by SANS Institute

Dec 21, 2022 By Arctic Wolf Labs In Arctic Wolf

“It’s about doing good and doing it exceedingly well.” This was how Daniel Thanos, Head of Arctic Wolf Labs, described the work of Arctic Wolf Labs when accepting the award for Open-Source Tool Creator of the Year, as voted by the SANS Insitute community at the 2022 Difference Makers Awards. This prestigious awards program “honors individuals and teams in the cyber security community who have made a measurable and significant difference in security.”

Read Post

Arctic Wolf

Read more about Arctic Wolf Labs Named Open-Source Tool Creator of the Year by SANS Institute

Secure your application development with AWS and Mend

Dec 21, 2022 By Mend In Mend

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.

View Video

Mend

Read more about Secure your application development with AWS and Mend

Panel recap: Breaking Bad Security Habits with Corey Quinn

Dec 20, 2022 By Erin Cullen In Snyk

On December 8th, Clinton Herget and Simon Maple, Field CTOs at Snyk, had the opportunity to chat with Corey Quinn, Chief Cloud Economist at The Duckbill Group, podcast host, curator of “Last Week in AWS”, and snarky Twitter personality. Their conversation took a lot of fun turns, from ranting about the hour-long line to get coffee at AWS re:Invent, to Corey proclaiming that “SBOMs are a fantasy” (there’s more context to that… keep reading).

Read Post

Snyk

Read more about Panel recap: Breaking Bad Security Habits with Corey Quinn

ChatGPT: Emerging AI Threat Landscape

Dec 20, 2022 By Trustwave In Trustwave

ChatGPT has been available to the public since November 30, 2022. Since then, it has made headlines – from being temporarily banned from Stack Overflow because, “while the answers ChatGPT produces have a high rate of being incorrect, they typically look like they might be good, and the answers are very easy to produce,” .

Read Post

Trustwave

Read more about ChatGPT: Emerging AI Threat Landscape

Building a resilient IT infrastructure: Where do enterprises start?

Dec 19, 2022 By PAM360 In ManageEngine

The shift towards hybrid work models has expanded the perimeters of work, adding to the burden on IT teams as they fight to stay resilient in the face of increased attack surfaces. All it takes for an invasion into an enterprise’s IT infrastructure is one compromised identity. So, what are enterprise identities? These are the user names, passwords, networks, endpoints, applications, etc., that act as gateways to business-sensitive information.

Read Post

ManageEngine

Read more about Building a resilient IT infrastructure: Where do enterprises start?

Cloud Threats Memo: State-sponsored Threat Actors Continue to Abuse Legitimate Cloud Services

Dec 19, 2022 By Paolo Passeri In Netskope

Threat actors exploiting cloud services are keeping me very busy in these final days of this troubled 2022. The main character of this Cloud Threats Memo is MuddyWater (also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros), one of the most prolific cyber espionage groups, active since at least 2017, and believed to be a subordinate element within Iran’s Ministry of Intelligence and Security (MOIS).

Read Post