Code
Mitigating Lurking Threats in the Software Supply Chain
The first step to addressing software supply chain vulnerabilities and threats is to understand the most common attacks. Here's where to start ...
Security Boulevard
How to use DSF Collections & Index Patterns – A Tutorial
In conventional terminology, Imperva Data Security Fabric (DSF) is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting (Playbooks), and self-service data discovery (Kibana-based Discover) ...
Why Are APIs so Easy for Threat Actors to Exploit?
Lax API security creates the perfect window of opportunity, often with a low barrier to entry. Cybercriminals are eager to exploit it ...
Security Boulevard
AI, Processor Advances Will Improve Application Security
Applications may soon become more secure as code written by artificial intelligence (AI) platforms finds its way onto next-generation secure processors. Matt Jarvis, director of developer relations for Snyk, told attendees at ...
Security Boulevard
Debunking 5 Myths About Detection-as-Code
Would you let misconceptions keep you from adopting a tool that can help your security team do its best work? In my ten years of building security monitoring solutions, I learned that ...
Security Boulevard
Find command injection in source code
Using Ocular to search for command injection in an application by tracing dataflow. When learning how to find, exploit, or prevent different types of security vulnerabilities, you’ll want to understand the vulnerability’s root causes ...
What is a false positive and why is having a few around a good sign?
Why false positives in security tools could be a positive, and why you should not go after the lowest false positive rates possible. “We want a security tool with low false positives. Our ...
An Optimisation Story: Building a Code Scanner for Large Golang Apps
This post will shed some light on how we were able to optimise one of our frontends, reducing the typical project’s run time by half. We’ll also take a look at some ...
Detecting and Exploiting XXEs: AppSec Simplified
Finding XXE vulnerabilities in applications via code analysis. Welcome back to AppSec Simplified! Last time, we talked about the fascinating XXE vulnerabilities and how they can affect your application. If you are not already ...
5 Reasons Why Mobile Application Security Fails
Traditionally, large organizations and the enterprise have been the focus for hackers and malicious attacks, but in recent years, the rise of sophisticated hacking tools and leaked databases on the dark web, ...
Security Boulevard