handmade.social admin @maker

0 posts0 participants0 posts today

**Dan Fernandez** @danielfernandez@infosec.exchange · Nov 18, 2024

Nov 18, 2024

Dan Fernandez @danielfernandez@infosec.exchange

Interesting finding on application dependencies from Sonatype State of Open Source Report.

Most Pulled Ecosystems
- JS: 4.5 Trillion
- Python: 530 Billion
Outdated software continued to be pulled
- 13% of Log4J downloads are vulnerable
- 80% of Application dependencies are never upgraded

Language Ecosystems Coverage
- Only 10.5% of open-source components are actively used out of the 7 million available
- 180 is the average number of Open Source components per application

Vulnerability Remediation
- The report states the average fix times for even critical vulnerabilities is 200-250 days, with some taking over 500 days to fix.

What application frameworks are you mostly using in your environment? What makes it challenging for application development teams to keep all dependencies up to date during initial development and once in production?

#applicationsecurity #supplychainsecurity #applicationdevelopers

**Josh Summitt** @null0perat0r@infosec.exchange · Nov 12, 2024

Nov 12, 2024

Josh Summitt @null0perat0r@infosec.exchange

Check out how you can use Faction to create an entire #pentesting report in less than 3 minutes.

#appsec #redteam #owasp #cybersecurity #hacking #applicationsecurity

https://youtu.be/D897o5Ks7pY

YouTubeCreate a PenTest Report in less than 3 MinutesBy Faction Security

**Pyrzout** @jos1264@social.skynetcloud.site · Nov 12, 2024

Nov 12, 2024

Pyrzout @jos1264@social.skynetcloud.site

Evaluating your organization’s application risk management journey https://www.helpnetsecurity.com/2024/11/12/chris-wysopal-veracode-application-risk-management/ #applicationsecurity #riskmanagement #cybersecurity #supplychain #automation #Don'tmiss #Features #Hotstuff #strategy #Veracode #opinion #News #CISO

Help Net Security · Nov 12, 2024Evaluating your organization's application risk management journey - Help Net SecurityTo keep application risk management a dynamic, continuous process, CISOs integrate security into every stage of software development.

**Antonio Francesco Sardella** @m3ssap0@infosec.exchange · Nov 7, 2024

Nov 7, 2024

Antonio Francesco Sardella @m3ssap0@infosec.exchange

Your CI/CD pipeline is vulnerable, but it's not your fault - Elad Pticha, Oreen Livni

https://youtu.be/3dHZ-l3XSsE

YouTubeDEF CON 32 - Your CI CD Pipeline Is Vulnerable, But It's Not Your Fault - Elad Pticha, Oreen LivniBy DEFCONConference

#defcon32 #security #cybersecurity

**Antonio Francesco Sardella** @m3ssap0@infosec.exchange · Nov 5, 2024

Nov 5, 2024

Antonio Francesco Sardella @m3ssap0@infosec.exchange

"Breaking Down Multipart Parsers: File upload validation bypass" by @themiddle

https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/

Sicuranext Blog · Nov 5, 2024Breaking Down Multipart Parsers: File upload validation bypassTL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass validation. We'll test various bypass techniques against PHP, Node.js, and Python parsers, as well as popular

#cybersecurity #appsec #applicationsecurity

**varx/social** @varx@cybersecurity.theater · Nov 7, 2022

Nov 7, 2022

varx/social @varx@cybersecurity.theater

Intro post for my new alt!

**varx/tech** @varx@infosec.exchange · Nov 2, 2022

Nov 2, 2022

varx/tech @varx@infosec.exchange

#Hashtags for being found by: I'm a #treehugger, #bicycle commuter, #SoftwareDeveloper, #ApplicationSecurity enthusiast, and #Linux user. I love #reading #ScienceFiction but have to parse it out slowly.

I'm something of a #hippie -- I go #barefoot much of the time, I don't have a smartphone (#NoSmartphone?), I try to "Eat Food, #MostlyPlants, Not Too Much". And I have a deep respect and love of #nature and its systems, even the uncharismatic parts.

I think #FreeSpeech is super important, but that it comes with the responsibility to #BeKind to others in the process.

Recent searches

Search options

Administered by:

Server stats:

#applicationsecurity