On August 22, 2018, Apache Struts announced a security vulnerability and patch which remediates a critical remote code execution vulnerability. Apache Struts is a Java-based web application platform used by an estimated 65 percent of Fortune 100 companies. With this latest vulnerability, attackers can exploit a web application...
Learn about Facebook, APIs, and Application Data Mining from the product marketing team at WhiteHat Security.
I’d like everyone to pause, and in their minds and hearts say thank you to the hundreds of engineers at various hardware, software, and security vendors who spent their holidays working on OS patches, browser patches, cloud roll-outs and distribution of patches for Meltdown and Spectre.
Well, I called it at the end of 2016. 2017 was a slurry of accusations as well as actual proof found of Russian meddling in U.S. politics via both state infrastructure systems and with regard to online propaganda on social media.
While it’s difficult to get permission from one’s corporate communications team or legal department on chatting with vendors, I was able to secure an interview with one of our financial services customers who use both Dynamic and Source code scanning.
As the news unfolds on Equifax and the latest and greatest of the Apache Struts hacks, a co-worker and I were talking about it amongst ourselves. “Why would someone leave a critical vulnerability unpatched for months?” my co-worker asked in puzzled tones.
Our aim in creating the Learning Labs is to help everyone – developers, security practitioners, and executives – understand the risks in all applications, help IT staff understand how application security fits into their wider security ecosystem, and help teach developers how to write more secure code to make business safer for customers.
Every time someone comes to me for career advice, or asks where I think they should look for their next big opportunity, I say – “Consider a career in cybersecurity.” It is a huge field with a broad spectrum of job opportunities.
In this article, I’m going to help you interpret how the different parts of this cybersecurity regulation touch on AppSec – that is, your websites, your mobile applications, your internal payment systems and networked third-party services.