AI adoption continues to move at a breakneck speed for businesses across the globe, as shown in a Coatue report comparing AI adoption to early internet adoption and found that AI growth is happening at two times the speed of the former.

In the fast-paced world of modern software development, grasping the full scope of an application is essential for managing an application security program. This entails having visibility into all the application assets involved in building the app, knowing their ownership, and understanding their importance to the development process and the broader business.

Recent critical vulnerabilities in ServiceNow, a widely used cloud platform, have put numerous organizations at risk of data breaches. Threat actors are exploiting these input validation flaws, enabling remote code execution and unauthorized access. Despite recent fixes, government agencies, data centers, and private firms remain targeted. This blog highlights how these flaws are exploited for data theft and outlines security measures to mitigate these risks.

Welcome, fellow developers! In this blog post, we are going to delve deep into the world of application security, specifically focusing on a vulnerability that can deteriorate FastAPI security: Denial of service (DoS) caused by insecure regular expressions (regex).

AI has completely changed how we live, work and play. With its unparalleled efficiency, ongoing learning abilities and its detailed precision, it makes short work out of what used to be more complex and cumbersome tasks. Although AI systems are incredibly powerful and only growing in capacity and scale, they’re not without their challenges. Like other types of programs and infrastructures, AI is not immune to vulnerabilities and security issues.

On July 17, 2024, SolarWinds published a security advisory detailing multiple critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities were responsibly disclosed to SolarWinds by researchers working with Trend Micro’s Zero Day Initiative (ZDI). The vulnerabilities have CVSS scores ranging between 7.6 to 9.6. The disclosed vulnerabilities allow for remote code execution (RCE), directory traversal, information disclosure, and authentication bypass.

WannaCry, Log4j, Follina, Spring4Shell — these incidents send shivers down the spines of anybody who works in IT or security. Zero-day vulnerabilities are unknown or unaddressed exploitable software or hardware security flaws that are typically unknown to the vendor and for which no patch or other fix is yet available.

SQL injection (SQLi) is one of the most severe security vulnerabilities in web applications. It occurs when an attacker is able to manipulate the SQL queries executed by an application by injecting malicious SQL code into user input fields. SQLi can lead to unauthorized access to sensitive data, data corruption, or even complete control over the database server.