The Veracode Research Team


Posts by The Veracode Research Team
  • What You Need to Know About OpenSSL-3.0…
    | By The Veracode Research Team

    OpenSSL released version 3.0.7 with security fixes for the high-severity vulnerabilities CVE-2022-3786 & CVE-2022-3602 discussed here. Here's how to know if you're affected and what to do if you are. Am I affected by OpenSSL vulnerabilities? At this moment it seems that OpenSSL…

  • Spring Framework Remote Code Execution…
    | By The Veracode Research Team

    Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite…

  • A Review of Log4Shell Detection Methods
    | By The Veracode Research Team

    Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to …

  • The Good, the Bad, and The Ugly:…
    | By The Veracode Research Team

    Why is OWASP a Good Framework? The Open Web Application Security Project (OWASP) is a nonprofit organization whose purpose is to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released…

  • Analysis and Remediation: Log4j Zero-…
    | By The Veracode Research Team

    Updates: 30-Dec-2021: Clarified attack scenario for Log4j 1.x CVE-2021-4104; 29-Dec-2021: Updated remediation guidance to include CVE-2021-44832; 22-Dec-2021: Added details for the latest version of Log4j for Java 6 and Java 7; 20-Dec-2021: Updated Am I affected, Remediation and Off-the-…

  • Recent Updates to the OWASP Top Ten Web…
    | By The Veracode Research Team

    The Open Web Application Security Project (aka OWASP) recently announced its latest updates to the venerable OWASP Top Ten list. This publication is meant to bring attention to the most common classes of software-related security issues facing developers and organizations…
