HackDig : Dig high-quality web security articles for hacker

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:153 | Comments:0 | Tags:Application Security Risk Management Application Development

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:240 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics

By Marco Balduzzi and Federico Maggi. The security industry as a whole loves collecting data, and researchers are no different. With more data, they commonly become more confident in their statements about a threat. However, large volumes of data require more processing resources, as extracting meaningful and useful information from highly unstructured data i
Publish At:2017-07-28 11:00 | Read:258 | Comments:0 | Tags:Open source DefPloreX

In Case You Missed the Memo: What’s New in IBM’s Application Security Testing?

In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss
Publish At:2017-06-28 14:55 | Read:382 | Comments:0 | Tags:Application Security Cloud Security Risk Management Applicat

Introducing Moby Project: a new open-source project to advance the software containerization movement

Since Docker democratized software containers four years ago, a whole ecosystem grew around containerization and in this compressed time period it has gone through two distinct phases of growth. In each of these two phases, the model for producing container systems evolved to adapt to the size and needs of the user community as well as the project and the g
Publish At:2017-05-24 19:05 | Read:612 | Comments:0 | Tags:Engine Engineering Networking News Orchestration Registry Re

Taming the Open Source Beast With an Effective Application Security Testing Program

Cute Attacks With Acute Impact on Your Application Security Testing Effectiveness. Here we go again: Another attack with a cute name is about to make the news. More dangerous than a Ghost, a POODLE, a FREAK, a Heartbleed, a Shellshock or the other 6,000-plus attacks that show up each year, we know at least two things about it: It will probably attack
Publish At:2017-05-05 01:55 | Read:584 | Comments:0 | Tags:Application Security Cloud Security DevOps Open Source Stati

Smart Whitelisting Using Locality Sensitive Hashing

By Jon Oliver and Jayson Pryde. Locality Sensitive Hashing (LSH) is an algorithm known for enabling scalable, approximate nearest neighbor search of objects. LSH enables a precomputation of a hash that can be quickly compared with another hash to ascertain their similarity. A practical application of LSH would be to employ it to optimize data processing and a
Publish At:2017-03-30 22:25 | Read:572 | Comments:0 | Tags:Malware Open source Fuzzy Hashing Locality Sensitive Hashing

Netflix releases the Stethoscope tool to improve security

Netflix has released the Stethoscope open source web application that provides recommendations for securing their devices. Netflix has released Stethoscope, an open source web application that provides recommendations for securing computers, smartphones, and tablets. Netflix intends to follow a “user focused security” approach that aims to provide employees
Publish At:2017-02-23 15:55 | Read:822 | Comments:0 | Tags:Breaking News Hacking Security data breach Netflix NetFlix S

Women in Information Security: Zoë Rose

Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleef, Isly, Kat Sweet, and Jess Dodson–five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final interview, I
Publish At:2016-12-05 06:40 | Read:1158 | Comments:0 | Tags:Off Topic computing Cyber hacking Information Security Open

Linux hardening: a 15-step checklist for a secure Linux server

Most people assume Linux is secure, and that’s a false assumption. Imagine your laptop is stolen without first being hardened. A thief would probably assume your username is “root” and your password is “toor” since that’s the default password on Kali and most people continue to use it. Do you? I hope not. The negative career implications of choosing not to ha
Publish At:2016-11-25 20:40 | Read:3639 | Comments:0 | Tags:Linux Open Source Security Servers IDG Insider

Super Mari-owned: Startling Nintendo-based vulnerability discovered in Ubuntu

A vulnerability in a multimedia framework present on Version 12.04.5 of Ubuntu can be exploited by sound files meant to be played on the venerable Nintendo Entertainment System, according to security researcher Chris Evans. The vulnerability is the result of a flaw in an audio decoder called libgstnsf.so, which allows gstreamer Version 0.10 to play the NS
Publish At:2016-11-15 21:05 | Read:826 | Comments:0 | Tags:Open Source Linux Security Vulnerability

Meet Apache Spot, a new open source project for cybersecurity

Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data analytics and machine learning for cybersecurity. Originally created by Intel and launched as the Open Network Insight (ONI
Publish At:2016-09-28 16:45 | Read:1055 | Comments:0 | Tags:Big Data Security Analytics Artificial Intelligence Open Sou

OpenOffice coders debate retiring the project

Concerns at the Apache Software Foundation that the Apache OpenOffice project it hosts might be failing have prompted a debate about retiring the project, and triggered the resignation of at least one member of the project's management committee. The office productivity suite was once a key element of efforts to build an open source alternative to Micros
Publish At:2016-09-05 20:45 | Read:703 | Comments:0 | Tags:Open Source Security Productivity Application Development

IDG Contributor Network: How hackers are making products safer

Jono Bacon, the former community manager of Ubuntu, recently left GitHub (his second job since leaving Canonical) to start his own consulting firm. He is currently working with HackerOne, which just announced its Hack the World competition. I spoke with Bacon about HackerOne, his role with the organization and the competition. Following is an edi
Publish At:2016-07-22 21:50 | Read:800 | Comments:0 | Tags:Security Application Development Open Source

New Mozilla fund will pay for security audits of open-source code

A new Mozilla fund, called Secure Open Source, aims to provide security audits of open-source code, following the discovery of critical security bugs like Heartbleed and Shellshock in key pieces of the software. Mozilla has set up a US$500,000 initial fund that will be used for paying professional security firms to audit project code. The foundation will
Publish At:2016-06-10 06:30 | Read:801 | Comments:0 | Tags:Security Open Source Software
