In today’s production environments, it is not only expected, but critical to keep your technology stack as up to date as possible. Staying current helps to mitigate security risks, while also benefiting from bug fixes, performance improvements, and new features …
-
2023 Software Conferences in the Philippines
A Report of 2023 Software Conferences in the Philippines for the Java Community and Java User Groups. Sharing the details of the events.
-
Spring Remote Code Execution Vulnerability
I’d like to start by saying that I’m not a security expert. I also won’t link to the exploit. This is a very fresh take on a new vulnerability but there’s already confirmation from Sonatype. The current exploit seems to …
-
Detecting, Investigating and Verifying Fixes for Security Incidents and Zero Day Issues Using Lightrun
Learn about major milestones in app security: finding the issue, evaluating a breach, proving it, and validating the fix!
-
PSA: The Risks of Remote JDWP Debugging
Java Debug Wire Protocol (a.k.a. JDWP) was designed for testing internally. Opening it to production is a HUGE security and stability risk…
-
SolarWinds Hack And The Executive Order Of Cybersecurity: What Does This Mean For Us?
In the past two years, we have had to learn a lot about cybersecurity. New attack vectors are becoming more and more sophisticated and are directed more and more against the value chain in general.
But what does that mean for us? What can be done about it, and what reactions have the state already taken?
-
SAST, DAST, IAST and RASP
In this article, we’re going to look at the differences between the various cybersecurity defence techniques.
My personal opinion on these different approaches is that if you start with DevSecOps or security in IT in general, the SAST approach makes the most sense. This is where the greatest potential threat can be eliminated with minimal effort.
Here you can identify four main groups, which we will go through briefly one after another to illustrate the advantages and disadvantages.
-
CVSS 101: First Steps with Common Vulnerability Scoring System
What is the Common Vulnerability Scoring System (CVSS), who is behind it, what are we doing with it, and what does a CVSS value mean for you?
With CVSS, we have a value system for evaluating security gaps in software. Since there are no alternatives, and the system has been in use worldwide for over ten years and is constantly being developed, it is a de facto standard.
The evaluation consists of three components.