HackDig : Dig high-quality web security articles

CWEs vs CVEs – Identifying vs Responding to the Right Security Issues

For the third time in under a year, I’ve had to analyze a CVE against a third-party library I use that is related to CWE-502 De-serializing of Untrusted Data. In each case, the library maintainers have pushed back, correctly in my opinion, that the problem is not in the library itself but in the hosting application. Fortunately for me, my application is
Publish At: 2016-11-29 03:20 | Read: 5903 | Comments: 0 | Tags: Featured Articles Security Awareness CVE CWE Exploit securit

Jenkins Remoting RCE II – The return of the ysoserial

Jenkins is a continuous integration server, widely used in Java environments for building automation and deployment. The project recently disclosed an unauthenticated remote code execution vulnerability discovered by Moritz Bechler. Depending on the development environment, a Jenkins server can be a critical part of the infrastructure: It often creates the
Publish At: 2016-07-01 21:50 | Read: 7650 | Comments: 0 | Tags: Security Java jenkins serialization vulnerabilities

Zero-Day Deserialization Vulnerability Affects 55% of Android Devices

Security researchers have uncovered a zero-day deserialization vulnerability that allows for arbitrary code execution in 55% of Android devices. For their presentation at USENIX WOOT ’15, researchers Or Peles and Roee Hay at IBM Security explain that their vulnerability (CVE-2015-3825) can be exploited in the context of many apps and can be used to effe
Publish At: 2015-08-11 21:45 | Read: 5169 | Comments: 0 | Tags: Latest Security News Android arbitrary code execution serial
