Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
Application Security covers flaws in software and services that attackers can exploit to steal data, disrupt systems, or gain access.
Search across headline titles and summaries.
Background for this topic.
Application security is the practice of protecting software and its data throughout design, development, deployment, and maintenance. It covers applications such as web and mobile services, APIs, and the libraries and cloud configurations they depend on. Typical weaknesses include injection, broken access controls, insecure authentication, exposed secrets, unsafe deserialization, and vulnerable third-party components.
These flaws can let an attacker read or alter data, impersonate users, execute unauthorized actions, or gain a foothold in connected systems. Effective defenses include threat modeling and secure coding, peer review, automated testing, dependency and secret scanning, timely vulnerability remediation, and penetration testing for higher-risk functions. Controls must continue after release: logging and application-layer monitoring can help detect abuse, while well-tested access controls, safe configuration, and an incident-response plan limit and investigate exploitation. Vulnerability management should prioritize issues by exploitability, exposure, affected data, and the privileges available through the application.
Weekly headline count for the current query.
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]
In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. [...]
Pen Testing as a Service and Traditional web application pen testing offers two different approaches to securing your applications. Learn more from Outpost24 on which approach may be best for your business. [...]
How do you choose between Penetration Testing as a Service (PTaaS) or traditional web application pen testing? Learn more from Outpost24 on the differences between both pentesting methods. [...]
When a cyberattack like the 2023 MOVEit hack makes global news headlines, attention often focuses on the names of the affected organizations. This article from @Outpost24 overviews the Moveit hack and aims to draw some important actionable takeaways for your business. [...]
[...]
External web applications can prove difficult to secure and are often targeted by hackers due to the range of vulnerabilities they may contain. These are 10 Common web application security risks you should know about. [...]
Both penetration testing and vulnerability scanning are essential to upholding and maintaining a strong security posture. Here are the benefits of combining both to maximize coverage and your web application security. [...]
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework. [...]