Cyber Security NEWS

06.04.2022: Choosing a software code analyzer: why free solutions turn out to be paid twice?

Companies, when choosing between commercial software and free software, prefer the latter in an attempt to save money. This is also true for software code security analyzers. Dan Chernov, Chief Technology Officer at DerSecur, explained why saving money on code analyzers can result in unexpected costs. Why do they check the code? The task of …

29.03.2022: Just Eat Takeaway.com improves its product security with DerScanner

Just Eat Takeaway.com, a European food delivery marketplace, uses the static code analyzer DerScanner to improve the security of the applications it develops. The company leverages the scanner developed by DerSecur to boost the security of applications that enable the platform to interact with its customers, employees, and partners. Just Eat Takeaway.com is an online restaurant food delivery …

27.01.2022: Android malware BRATA attacks mobile banking users

Security researchers warn of the rising threat that the BRATA trojan poses to online banking. The malware for Android devices was first discovered in 2019. BRATA provided hackers with remote access to victims’ mobile devices, mainly in Brazil. Later the malware was updated. In late 2021 it was spotted actively attacking online banking users in Europe. New versions began to appear, each …

20.12.2021: DerScanner’s vulnerability database now includes Log4Shell zero-day threats

DerSecur has updated the vulnerability database of the DerScanner SAST analysis tool: it now includes the recently discovered zero-day vulnerabilities in the Apache Log4j library. The Apache Log4j library is used by millions of enterprise applications and Java servers to log error messages. These vulnerabilities in the library are called Log4Shell (or LogJam, LogJ) and classified …

03.12.2021: Some FAQ about DevSecOps

How long has the DevSecOps methodology been around? It is difficult to determine with any certainty when DevSecOps emerged, as the methodology has no identifiable author. From 2009 to 2010, the DevOps movement emerged—a methodology of interaction between the teams developing and operating software products. At the same time, the trend toward application security was developing, …

10.11.2021: Application Security Manager: Developer or Security Officer?

The majority of successful attacks on organizations exploit software vulnerabilities and backdoors. Fortunately, software vulnerability scanners are no longer considered to be exotic by companies. Instead, they have become a core element of security infrastructure. With a small scope of development work, you can use a scanner manually. However, a larger amount of code calls …
