Backdoored Ruby gems stole credentials, injected cryptomining code

The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more widespread effort to inject …

Securing modern web apps: A case for framework-aware SAST

If you were to write a web application entirely by yourself, it would be a rather daunting task. You would need to write the UI elements from lower-level APIs, set up and …

Framing supply chain attacks

The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development …

Building security into cloud native apps with NGINX

Companies like Airbnb, Uber and DoorDash, which have a cloud-based software infrastructure as one of their main enablers, are disrupting the hospitality, transportation and …

Popular coding advice doesn’t necessarily equal secure coding advice

Stack Overflow is a hugely popular online forum/Q&A site that many programmers and software developers use to find answers to particular programming problems. …

How students learn to code, evaluate job opportunities

New data from HackerRank reveals the technical skills, learning preferences and career motivators of collegiate software engineers. The findings provide a playbook for …

Countering threats: Steps to take when developing APIs

High profile data breaches resulting from faulty APIs continue to make headlines. In the last few months alone, T-Mobile’s data breach resulted in hackers stealing personal …

Python-based attack tools are the most common vector for launching exploit attempts

Hackers have an obvious predilection for Python-based attack tools, says Imperva. “When examining the use of Python in attacks against sites we protect, the result was …

Secure your open source components automatically, continuously, and silently

In this podcast recorded at Black Hat USA 2018, Azi Cohen, General Manager at WhiteSource, talks about open source lifecycle management. WhiteSource manages open source …

GitHub adds Python support for security alerts

GitHub has announced that its recently introduced feature for alerting developers about known vulnerabilities in software packages that their projects depend on will now also …

George Gerchow, CSO at Sumo Logic: Our DevSecOps strategy

Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, their purpose-built, cloud-native service analyzes more than 100 …

Four common API vulnerabilities and how to prevent them

Proper security measures are one of the most important aspects of building an application programming interface, or API. It’s great for an API to connect systems and give …
