HTTP request smuggling vulnerability in Node.js (CVE-2022-35256)
In this Help Net Security video, Austin Jones, Principal Software Engineer at ThreatX, explains what HTTP request smuggling is, and discusses a recently uncovered HTTP request …
HackerOne updates Internet Bug Bounty program to improve the security of open source software
HackerOne announced the next evolution of the Internet Bug Bounty (IBB) program at the company’s annual Security conference. The IBB’s mission is to secure open source by …
Granulate gProfiler provides support to Graviton processors to improve code quality
Granulate announced the latest addition to its gProfiler, which now provides support to Graviton processors. With this new addition to gProfiler, organizations running …
Granulate adds Kubernetes filtering feature to open-source gProfiler
Granulate released a new Kubernetes filters feature for the company’s gProfiler. gProfiler is an open-source production profiling solution that measures the performance of code …
Dynatrace extends its AI-powered risk assessment for applications running on Node.js
Dynatrace announced enhancements to its Application Security Module, which the company released in December 2020. These include extending Dynatrace’s AI-powered risk …
Container usage has grown in complexity, specific security controls are needed
Container usage has grown in scale and complexity, and doubled in density, according to Sysdig. As container technologies continue to transform how organizations deliver …
Node.js security: Are developers confident in the quality of their code?
A NodeSource and Sqreen joint developer survey of nearly 300 CTOs, CIOs and developers revealed that, while the developer community fully understands the risks of operating in …
How programmers can be tricked into running bad code
Are programming language package managers vulnerable to typosquatting attacks? And can these attacks result in software developers running potentially malicious code? The …