Some thoughts about “Shift Left” security in DevSecOps

A popular term in the DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures that guarantee application quality at the earliest possible point in the software development life cycle.
In an application security context, this refers to the measures implemented to ensure that security concerns are taken into consideration throughout application development, rather than at the end of the process.

CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability

Many proof-of-concept exploits have been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products.

TikTok fixed several vulnerabilities that could allow hijacking of any account

Security experts from CheckPoint discovered multiple vulnerabilities in the popular TikTok app that could be chained by remote attackers to hijack any user account, execute malicious code on the target system and perform unwanted actions.
