The security industry generally agrees on the value of enabling developers in an agile environment—although we don’t agree on what to call it… “Shifting Left,”…
Security and privacy technical analysis of TikTok, subtle parsing problems, chain of trust through a CI/CD pipeline, faster fuzzing even without source code, interplay of…
The OWASP Top 10 2021 is in development. A public survey has just been released. We have finished collecting data. I would like to discuss…
This week, in the Leadership and Communications section, The importance of culture in digital transformation, 4 ways to keep the cybersecurity conversation going after the…
Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts,…
Sponsored By Visit https://securityweekly.com/PrismaCloud for more information! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy…
Making security engineering successful, Go’s supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do…
Sponsored By Visit https://securityweekly.com/capsule8 for more information! In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While…
This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking…
Filter By:
Malicious PHP Commits, OAuth Attacks & XML Injection, & Zines For DevSecOps – ASW #146
PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for your DevSecOps education! Visit https://www.securityweekly.com/asw for…