programming
Establishing secure habits for software development in 2023
As a new year commences, it’s not unusual for people to take the opportunity to adopt better practices and principles and embrace new ways of thinking in both their personal …
Trained developers get rid of more vulnerabilities than code scanning tools
An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of …
What closed-source software developers can learn from their open-source counterparts
Open-source software has reached greater levels of security than ever before, but its increased adoption comes with new challenges. In this Help Net Security video, Josep …
APIs are quickly becoming the most popular attack vector
In this Help Net Security video, Shay Levi, CTO at Noname Security, discusses the findings from a recent API security report, which reveals a growing number of API security …
CI Fuzz CLI: Open-source tool simplifies fuzz testing for C++
Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught …
What you need to know about Evil-Colon attacks
While novel attacks seem to emerge faster than TikTok trends, some warrant action before they’ve even had a chance to surface. This is the case for an attack we’ll refer to as …
The 25 most popular programming languages and trends
CircleCI released the 2022 State of Software Delivery report, which examines two years of data from more than a quarter billion workflows and nearly 50,000 organizations …
How to manage the intersection of Java, security and DevOps at a low complexity cost
In this Help Net Security video, Erik Costlow, Senior Director of Product Management at Azul, talks about Java centric vulnerabilities and the headache they have become for …
“ParseThru” vulnerability allows unauthorized access to cloud-native applications
A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native …
Why your API gateway is not enough for API security?
The emergence of cloud computing architectures has caused enterprises to rethink the way applications are scaled. Impetuses were put on companies to get away from deploying …
Applying Shift Left principles to third party risk management
In this Help Net Security video, Etai Hochman, CTO at Mirato, talks about applying Shift Left, a concept that originated with developers to find and prevent defects early in …
Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …