SDLC, or How to Make Development More Secure?


With the development culture continuing to evolve rapidly, new code quality assurance tools are appearing on the market and being used in dramatically new and innovative ways. We’ve already written about static analysis, what to pay attention to when choosing an analyzer, and, finally, how to establish a static analysis-based process for your organization.


The Role of Automation in Keeping Software from Malicious, Unintended Usage


What are the results of developer errors in the code? Why are vulnerabilities in software so widespread? And how can DevSecOps and Secure SDLC help? You can find the answers in my guest essay on The Last Watchdog...

3 Must-Read Books for Application Security Manager


Hello friends! Today we will talk about the books that are ‘a must’ for an application security manager. This is my choice, but if you have other nominees for “appsec bestseller”, please share them in the comments. So, let’s start! 1. Hackable: How to Do Application Security Right. Ted Harrington. Who will be first to find vulnerabilities in code...

Vulnerabilities in Open Source Projects: Effective Protection


Today let’s talk about why zero-day vulnerabilities in software are so dangerous. There are many types of vulnerabilities known to the information security community and classified by threat or severity level. The term ‘zero-day’ refers to the number of days that the developers have had to fix a new vulnerability. Thus, a zero-day...

How to Prevent Theft of iPhone Notes via iOS Vulnerability


On iOS 15 launch day, a security researcher reported a vulnerability allowing hackers to bypass the lock screen and access notes on iPhones with the latest iOS updates (iOS 14.8 and iOS 15). Daniil Chernov, CTO at DerSecur LTD., explained how the vulnerability can be exploited, what hackers need to succeed and how to protect your notes from being stolen.


Apple Discovers Security Vulnerability in Majority of its Devices


News about emergency updates from Apple to address the Pegasus spyware threat is spreading all over the Internet. The exploit was captured by spyware researchers at the University of Toronto's Citizen Lab.