Systems | Development | Analytics | API | Testing

Vulnerability

nodesource

Vulnerability Scanning & 3rd-Party Modules Certification in N|Solid [8/10] The best APM for Node, layer by layer.

NCM —NodeSource Certified Modules— is the secure, reliable way to take advantage of the massive ecosystem of Node.js packages. Certified modules are compatible with Node LTS and monitored continuously to identify risk over time. Certification guarantees no security vulnerabilities or unverified code in modules or dependencies and is easy to set up and manage. No workflow changes are required.

sauce labs

Supplement API Security Testing with Functional API Testing and Integration Testing

The OWASP API Security Top 10 identifies the top API vulnerabilities that pose the greatest risk to mobile, web and SaaS applications as well as internal, partner and external API programs, highlighting which vulnerabilities must be detected and mitigated promptly. Gartner predicts that APIs that expose private information such as Personally Identifiable Information (PII) will be the most common attack vector in 2022.

perforce

What Is Log4Shell? The Log4j Vulnerability Explained

A new vulnerability that impacts devices and applications that use Java has been identified in Log4j, the open-source Apache logging library. Known as Log4Shell, the flaw is the most significant security vulnerability currently on the internet, with a severity score of 10-out-of-10. Fortunately, Perforce static analysis and SAST tools — Helix QAC and Klocwork — can help.

kong

Log4J, Log4Shell and Kong

If you’ve been online at all this week, chances are that you’ve heard about the Log4Shell zero-day (CVE-2021-44228) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target’s machines. I know the first question that you all have is: “Is Kong affected by Log4Shell?” Let’s start with the good news: No Kong products are affected by this Log4J vulnerability.

rollbar

Rollbar Log4J CVE-2021-44228 ("Log4Shell") Community Update

Your data is safe with Rollbar. A zero day in the Java ecosystem was discovered that could exploit Apache’s Log4J library. The vulnerability can, potentially, impact users of Rollbar’s Java SDK if they selected Log4J for their project. We recommend that all projects that are dependent on Log4J upgrade their dependencies so they require a version at/after 2.16.0.

perforce

IP Security Vulnerability Detection

The severity and ingenuity of cyberattacks continues to increase as malicious actors become more proficient, breaking through the software layers and aiming to also compromise hardware like integrated circuits. Relative to software, it is much more difficult to patch security vulnerabilities in ICs – making early identification of IP security weaknesses increasingly important.

honeybadger

Subdomain Takeover: Ignore This Vulnerability at Your Peril

Management thinks that letting folks from WidgetCo log into widgetco.ourapp.com will really help make the sale. It seems harmless enough. But using a custom subdomain like this can open WidgetCo up to potential security issues. In this article, Julien Cretel introduces us to Subdomain Takeover attacks and discusses ways we can mitigate them.