5 smart contract vulnerabilities: How to identify and mitigate them - Explore five critical smart contract vulnerabilities that pose ri... - https://cointelegraph.com/news/5-smart-contract-vulnerabilities #smartcontractvulnerabilities #decentralizedapplications #blockchainsecurity #contractauditing #riskmitigation #securecoding.
El lado del mal - Master's in Secure Development and DevSecOps: enrollment is now open https://www.elladodelmal.com/2023/07/master-en-desarrollo-seguro-y-devsecops.html #master #DevSecOps #DevOps #SecureCoding #formación #universidad
#DevSecOps is a security-focused approach to software development that reconciles the trade-off between speed and security.
DevOps prioritizes speed and agility, whereas security emphasizes control and risk management. DevSecOps tries to resolve this conflict by embedding security into the DevOps processes without impeding the development of applications or code. What helps?
🔐 Automation: DevSecOps automates security testing and monitoring, minimizing vulnerabilities in the development process.
🔐 Shift-Left Security: DevSecOps prioritizes early security consideration, eradicating vulnerabilities from the start.
🔐 Collaboration: DevSecOps fosters collaboration among stakeholders to address security issues promptly.
🔐 Continuous Feedback ...
🔐 Scalability...
https://securityintelligence.com/posts/devsecops-striking-a-balance-between-speed-and-security/
#SoftwareDevelopment #RiskManagement #Speed #Agility #CodeVulnerabilities #SecureDevelopment #Tradeoff #RiskMitigation #SecureSDLC #ApplicationSecurity #SecureCoding #CloudSecurity
"(In)Secure C++" live public online training Aug 8th - 11th (CET)
In this 4-day training I teach how C and C++ applications can be exploited, and how you can find vulnerabilities that can be exploited. Frequently referred to as the "best training I have ever attended" by students.
Sign up, seats are limited. 20% discount on bookings of 2 or more seats, example: 2000€ for one seat, 3200€ for two.
#cpp #securecoding #hacking
https://turtlesec.no/blog/insecure-cpp/
I’ve just released attempt 2 at a workaround for monorepos with :github: Advanced Security Code Scanning results, to let you filter by project 🚀
My last try didn’t work out, but I’ve taken a new tack ⛵️ and come back with a new ✨ way…
https://github.com/advanced-security/monorepo-filtering-workaround
The sample Actions workflow I’ve shown works for CodeQL, but you can apply the same idea to any Code Scanning integration.
#GitHub #SAST #GitHubAdvancedSecurity #MonoRepo #DevSecOps #SecureCoding
🔥⏲️ Fudge Sunday "Press Rewind" This week we take a look at recent updates in software supply chain security that provide an ability to press rewind.
#security #software #supplychain #sbom #attestation #people #processes
#tools #devsecops #secops #platformengineering #devex #developerexperience #securecoding #internetofthings #embeddedsystems #exploits #computing #cloud #iotsecurity #newsletter #newsletters
:github: is looking for #Swift #opensource projects to try out the upcoming Swift support in #GitHub code scanning.
Sign up here:
https://github.com/github/codeql/discussions/12522
You’ll be able to get access to the new CodeQL-powered static source code analysis before it ships to everyone else.
#SwiftLang #IOSdev #SAST #SecureCoding #DevSecOps #CodeQL #BetaTesting #PrivateBeta #MobileDev
There’s some really top notch secure coding advice on this site 🤣
https://raisistance.com/implementing-gets-in-a-safe-manner/
(via LiveOverflow)
#gets #SecureCoding #AdversarialAI #AdversarialAttack #Luddites
I kicked off my blog with a post about writing regex for GitHub Secret Scanning's custom patterns (which you get if you pay for Advanced Security):
https://aegilops.github.io/posts/regex-for-secret-scanning/
#GitHub #SecretScanning #SecureCoding #DevSecOps #regex #HyperScan
@kytta @pamelafox this is the right way, especially the quote() call.
You should also validate the hostname e.g. https://validators.readthedocs.io/en/latest/#module-validators.domain
I would put the literal 'WEBSITE_HOSTNAME' in a global, to remove silent typos and make refactoring easier.
I don't always do this, but I thank 🙏 myself when I do.
Does the _host variable need the _ there? What's it for? The variable is used, so it's not to silence a linter.
#python #codereview #validation #securecoding
Today I decided to start the community course on #Securecoding at @wehackpurple, as the start of my jump to create a #cybersecurity module that can be used in my education company.
OK #cybersecurity industry I'm #OverIt, false security much?
Time to fix your house so we can fix ours and get back to our knitting.
#CyberSec #CyberAttack #infosec #vulnerability #informationsecurity #exploits #firewalls #Security
#CyberAttack #vulnerabilities #informationsecurity #cybersecurity #infosec #cybersec #firewallsecurity #firewall #firewalls #edgecomputing #endpointsecurity #endpointprotection #webapplicationsecurity #securecoding #unsceb #secops #security #networksecurity #networking
Cisco
Fortinet
Sophos
Palo Alto Networks
NETGEAR
TP-Link
ASUS
SonicWall
WatchGuard Technologies
Dell Technologies
NortonLifeLock
Check Point Software Technologies Ltd
Juniper Networks
CyberGuard Technologies Limited
Firewalla Inc
Thinkst Canary
Cisco Meraki
Ubiquiti Inc.
Zyxel
Blue Coat Systems acquired by Symantec
Symantec
Cisco Secure
Cisco Networking
Cisco - Intelligent Networking
@ibboard yep, it's painful!
A mix of compiler warnings, static analysis & dynamic analysis with sanitizers helped tame it for me.
Try Clang with `-Weverything -Werror`. Fix them and sometimes suppress them.
Free static analyzers include Clang Analyzer, GCC's static analyzer, CodeQL (free for open source), cbmc, cppcheck, and DevSkim.
Clang's sanitizers (ASan, UBSan, MSan, TSan) with a fuzzer (e.g. AFL++) will find lots of bugs.
#c #sast #dast #clang #securecoding
@SheHacksPurple You should add more tags to your toots, you'll reach a greater audience #infosec #appsec #securecoding
But for sure, @teriradichel's blog is awesome and contains lots of useful resources
#infosec #appsec #securecoding
✨ Code-generating AI can introduce security vulnerabilities, study finds
👉 This is expected
👉 Does not mean it can't be resolved. Humans leave bugs, including the experts.
👉 The question is how efficiently we can retrain the model with updated datasets and avoid making future bugs (like how we train humans). It is possible. It might surpass humans in that.
#machinelearning #AI #infosec #appsec #securecoding #owasp #ml
Yay, that was fun. https://tryhackme.com/3l1o7/badges/adventofcyber4 #thm #tryhackme #cybersec #securecoding #redteam #blueteam
Referenced link: https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html
Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://twitter.com/TheHackersNews/status/1598626031782416384#m
What Developers Need to Fight the Battle Against Common Vulnerabilities
Read: https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html
A. Kudriavtseva and O. Gadyatskaya, "Secure Software Development Methodologies: A Multivocal Literature Review"¹
In recent years, the number of cyber attacks has grown rapidly. An effective way to reduce the attack surface and protect software is adoption of methodologies that apply security at each step of the software development lifecycle. While different methodologies have been proposed to address software security, recent research shows an increase in the number of vulnerabilities in software and data breaches. Therefore, the security practices incorporated in secure software development methodologies require investigation. This paper provides an overview of security practices involved in 28 secure software development methodologies from industry, government, and academia. To achieve this goal, we distributed the security practices among the software development lifecycle stages. We also investigated auxiliary (non-technical) practices, such as organizational, behavioral, legal, policy, and governance aspects that are incorporated in the secure software development methodologies. Furthermore, we explored methods used to provide evidence of the effectiveness of the methodologies. Finally, we present the gaps that require attention in the scientific community. The results of our survey may assist researchers and organizations to better understand the existing security practices integrated into the secure software development methodologies. In addition, our bridge between "technical" and "non-technical" worlds may be useful for non-technical specialists who investigate software security. Moreover, exploring the gaps that we found in current research may help improve security in software development and produce software with fewer number of vulnerabilities.
#arXiv #ResearchPapers #SoftwareDevelopmentMethodologies #SecureCoding
__
¹ https://arxiv.org/abs/2211.16987