Security13 articles

Find out about Checkov, which scans cloud infrastructure configurations to find misconfigurations before they’re deployed.

There are multiple ways to store sensitive passwords. And while having choices can be great, in the context of password storage, picking wrong can be a security nightmare. With that in mind, let’s hash out some of your options 🥁🥁.In this article …

Watch a 10 minute discussion on Log4j, security processes and prioritization, and how Payara dealt with the vulnerability.

Learn about common threats, vulnerabilities, and misconfiguration including the recently disclosed issues in Log4j.

Learn about major milestones in app security: finding the issue, evaluating a breach, proving it, and validating the fix!

I’m afraid the deprecation of the Security Manager just added several lines to that risk, all linked to running untrusted code.

Java Debug Wire Protocol (a.k.a. JDWP) was designed for testing internally. Opening it to production is a HUGE security and stability risk…

What is the Common Vulnerability Scoring System (CVSS), who is behind it, what are we doing with it, and what does a CVSS Value mean for you?

With CVSS, we have a value system for evaluating security gaps in software. Since there are no alternatives, the system has been in use worldwide for over ten years and is constantly being developed, it is a defacto standard.

The evaluation consists of three components.

Again and again, we read in the IT news about new security gaps that have been identified.

Most of the time, you don’t even hear or read anything about all the security holes found that are not as well known as the SolarWinds Hack, for example.

But what is the typical lifecycle of such a security gap?

The npm Registry is vulnerable to supply chain namespace shadowing, also known as “Dependency Confusion” attacks.

Make sure you create npm scoped packages and force exclude patterns.