
DevOps

Twistlock 2.1 Container Security Suite Released

by Hrishikesh Barua on Jul 16, 2017

Twistlock announced the general availability of version 2.1 of their container security product. Highlights of the release include an integrated firewall that understands application traffic, vulnerability detection, secrets management via integration with third party tools, and compliance alerting and enforcement.

Development

Git Continues to Improve Security and UI in Version 2.13

by Sergio De Simone on May 15, 2017

The latest release of Git introduces many changes aimed at improving its user interface, while also fixing two significant vulnerabilities.

Java

Object Deserialisation Filters Backported from Java 9

by Abraham Marín Pérez on Mar 28, 2017

JEP 290, which allows filtering of incoming data when deserialising an object, and was initially targeted to Java 9, has been backported to Java 6, 7, and 8. The feature provides a mechanism to filter incoming data in an object input stream as it is being processed, and can help prevent deserialisation vulnerabilities like the one that affected Apache Commons and other libraries a while back.

JavaScript

Study Shows the Web is Crowded with Outdated, Vulnerable JavaScript Libraries

by Sergio De Simone on Mar 13, 2017

A recent study has found that 37% of the Alexa top 75K websites have at least one vulnerability and almost 10% have at least two. Maybe even more shockingly, 26% of the Alexa top 500 websites use vulnerable libraries.

Cloud

Cloudbleed - Cloudflare Proxies Memory Leak

by Chris Swan on Feb 26, 2017

A buffer overflow bug has caused a small number of requests to Cloudflare proxies to leak data from unrelated requests, including potentially sensitive data such as passwords and other secrets. The issue, which has been named ‘Cloudbleed’, was discovered by Google Project Zero vulnerability researcher Tavis Ormandy.

Architecture & Design

Microservices and Security

by Jan Stenberg on Nov 15, 2016

When it comes to application security, we often include it as an afterthought. We have learnt how to add tests to development workflows, but with security we often assume someone else will come and fix it later on, Sam Newman claimed in his keynote at this year’s Microservices Conference in London.

Development

Major Windows Vulnerability Disclosed by Google before Patch Available

by Sergio De Simone on Nov 02, 2016

A major, currently exploited vulnerability in the Microsoft Windows kernel has recently been disclosed by Google’s Threat Analysis Group, before Microsoft made public a patch or any mitigation advice. Microsoft has stated a fully tested patch will be available in a week.

JavaScript

Angular 1.X Usage Banned in Firefox Extensions

by David Iffland on Oct 24, 2016

A developer found out the hard way that they had built their Firefox browser extension on banned technology. Angular 1.X has been banned for use in Firefox extensions as long as a security vulnerability exists in the way Angular interacts with the extension and the displayed web page.

DevOps

Docker Security Scanning

by Chris Swan on May 10, 2016

Docker Inc have announced general availability of Docker Security Scanning, which was previously known as Project Nautilus. The release comes alongside an update to the CIS Docker Security Benchmark to bring it in line with Docker 1.11.0, and an updated Docker Bench tool for checking that host and daemon configuration match security benchmark recommendations.

Development

GitLab Discloses Critical Vulnerability, Provides Patch

by Sergio De Simone on May 04, 2016

GitLab has just announced fixes for a number of important security issues, including a critical privilege escalation, and strongly recommends that all GitLab installations from version 8.2 onwards be upgraded immediately. InfoQ has spoken with GitLab’s Stan Hu, VP of Engineering.

JavaScript

NPM Worm Vulnerability Disclosed

by Alex Blewitt on Mar 26, 2016

The NPM project has formally acknowledged a long-standing security vulnerability in which it is possible for malicious packages to run arbitrary code on developers' systems, leading to the first NPM created worm. With the recent problems with NPM, is it safe to use any more? InfoQ investigates.

DevOps

Clair Helps Secure Docker Images

by Manuel Pais on Dec 30, 2015

Clair is an open-source container vulnerability scanner recently released by CoreOS. The tool checks whether a Docker image's operating system and any of its installed packages match any known insecure package versions. The vulnerabilities are fetched from OS-specific common vulnerabilities and exposures databases. Currently supported are Red Hat, Ubuntu, and Debian.

Development

Vulnerability Discovered in libpng

by Jeff Martin on Nov 18, 2015

It has been announced that the popular and widely used libpng library has vulnerabilities that make applications that rely on it for PNG image support vulnerable to exploitation. System administrators and application developers should take heed to update their systems as soon as possible.

Java

Remotely Exploitable Java Zero Day Exploits through Deserialization

by Alex Blewitt on Nov 07, 2015

A recent security analysis by Foxglove Security suggests that applications using deserialization may be vulnerable to a zero-day exploit. This includes libraries such as OpenJDK, Apache Commons, Spring and Groovy. InfoQ investigates.

Mobile

Cambridge Study Analyzes State of Android Security

by Sergio De Simone on Oct 22, 2015

Researchers at the University of Cambridge have carried out extensive research to assess security across Android devices, Android versions, and years. Their findings show 87% of Android devices to be vulnerable on average over the last four years. InfoQ has spoken with Daniel Thomas, lead author of the study.
