Aggregator

SDL 67/100问:如何逐步建设XAST安全测试工具?

我的安全视界观
10 months 2 weeks ago
一般而言,都是倒着建设的顺序,类似出了信息安全事件之后的救火,“从右往左”开始建设。就软件开发流程而言,则是从测试阶段到编码阶段: 1、DAST:测试阶段的中后期,部署好测试环境后进行主机、web漏洞扫描; 2、IAST:测试阶段的前中期,在部署测试环境的同时插入探针,随着功能测试开展安全测试; 3、SAST:编码阶段的安全活动,也可前置到开发提交代码时触发扫描,同期的安全活动还有SCA。 综上是常见XAST工作的阶段及推荐顺序,因为大概率是重头开始建设,安全人员、技术能力等各方面的能力、资源都还不够成熟,产品线也需要慢慢适应这个过程。各类工具独具特点,最大的技术拦路虎是误报,不过只要投入安全人员进行运营,也会走到可落地推行的状态。 更多内容,可以访问: 1、SDL 100问 SDL100问:我与SDL的故事 SAST误报太高,如何解决? SDL需要哪些人参与? 如何在隔离环境中修复大量的Java漏洞? SDL如何做成平台化以及价值? 安全SDK提供安全API是怎么做的? SDL 66/100问:安全测试,测不出逻辑漏洞怎么办? 2、SDL创新实践 首发!“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键:研发安全团队 DevSecOps实施关键:研发安全流程 DevSecOps实施关键:研发安全规范 从安全视角,看研发安全 数字化转型下研发安全痛点 一个思考:安全测试驱动产品安全? 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、软件供应链安全 软件供应商面临的攻防实战风险 软件供应商实战对抗十大安全举措 软件供应商攻防常规战之SDL 软件供应链投毒事件应急响应 浅谈企业级供应链投毒应急安全能力建设 5、安全运营实践 基于实践的安全事件简述 安全事件运营SOP:钓鱼邮件 安全事件运营SOP:网络攻击 安全事件运营SOP:蜜罐告警 安全事件运营SOP:webshell事件 安全事件运营SOP:接收漏洞事件 应急能力提升:实战应急困境与突破 应急能力提升:挖矿权限维持攻击模拟 应急能力提升:内网横向移动攻击模拟 应急能力提升:实战应急响应经验

Evaluating the Security Efficacy of Web Application Firewalls (WAFs)

Security Boulevard
10 months 2 weeks ago

Web Application Firewalls (WAFs) are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough, the real challenge is knowing whether it works when it matters most. Not all WAFs are created equal, and a […]

The post Evaluating the Security Efficacy of Web Application Firewalls (WAFs) appeared first on Blog.

The post Evaluating the Security Efficacy of Web Application Firewalls (WAFs) appeared first on Security Boulevard.

Eric Guillotin

CVE-2022-32911 | Apple iOS/iPadOS up to 15.6.1 Kernel memory corruption (HT213445)

Vuldb Updates
10 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Apple iOS and iPadOS up to 15.6.1. This issue affects some unknown processing of the component Kernel. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2022-32911. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-32883 | Apple iOS/iPadOS up to 15.6.1 Maps information disclosure (HT213445)

Vuldb Updates
10 months 2 weeks ago
A vulnerability was found in Apple iOS and iPadOS up to 15.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the component Maps. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-32883. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-32908 | Apple iOS/iPadOS up to 15.6.1 MediaLibrary memory corruption (HT213445)

Vuldb Updates
10 months 2 weeks ago
A vulnerability was found in Apple iOS and iPadOS up to 15.6.1. It has been classified as problematic. This affects an unknown part of the component MediaLibrary. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-32908. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-32886 | Apple iOS/iPadOS up to 15.6.1 WebKit buffer overflow (HT213445)

Vuldb Updates
10 months 2 weeks ago
A vulnerability classified as critical was found in Apple iOS and iPadOS up to 15.6.1. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2022-32886. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-32911 | Apple macOS up to 12.5.1 Kernel memory corruption (HT213444)

Vuldb Updates
10 months 2 weeks ago
A vulnerability was found in Apple macOS up to 12.5.1 and classified as critical. This issue affects some unknown processing of the component Kernel. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2022-32911. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-32883 | Apple macOS up to 12.5.1 Maps information disclosure (HT213444)

Vuldb Updates
10 months 2 weeks ago
A vulnerability was found in Apple macOS up to 12.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Maps. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-32883. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-32908 | Apple macOS up to 12.5.1 MediaLibrary memory corruption (HT213444)

Vuldb Updates
10 months 2 weeks ago
A vulnerability classified as critical has been found in Apple macOS up to 12.5.1. This affects an unknown part of the component MediaLibrary. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-32908. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad