www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-06-11T21:11:32+00:00 www.secnews.physaphae.fr

Veracode - Application Security Research, News, and Education Blog
Security Debt: A Growing Threat to Application Security

Understanding Security Debt
Security debt is a major and growing problem in software development with significant implications for application security, according to Veracode's State of Software Security 2024 Report. Let's delve a bit deeper into the scope and risk of security debt, and gain some insights for application security managers to effectively address this challenge. Security debt refers to software flaws that remain unfixed for a year or more. These flaws accumulate over time due to various factors, including resource constraints, technical complexity, or lack of prioritization. Security debt can be categorized as critical or non-critical and can exist in both first-party and, maybe more worrying, third-party code.

Prevalence and Impact of Security Debt
According to recent research, 42% of active applications have security debt, with 11% carrying critical security debt that poses a severe risk to organizations.
Large applications are particularly susceptible, with 40% of…
2024-03-18T12:25:43+00:00 https://www.veracode.com/blog/managing-appsec/security-debt-growing-threat-application-security www.secnews.physaphae.fr/article.php?IdArticle=8466191 False Threat,Technical None 3.0000000000000000

Veracode - Application Security Research, News, and Education Blog
A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape

The release of the February 2024 White House Technical Report, Back to the Building Blocks: A Path Towards Secure Measurable Software, brings about a timely shift in prioritizing software security. Software is ubiquitous, so it's becoming increasingly crucial to address the expanding attack surface, navigate complex regulatory environments, and mitigate the risks posed by sophisticated software supply chain attacks.

Let's explore the key insights from the White House Technical Report and delve into recommendations for integrating security across the software development lifecycle (SDLC).

Securing Cyberspace Building Blocks: The Role of Programming Languages
The White House's report emphasizes the programming language as a primary building block in securing the digital ecosystem. It highlights the prevalence of memory safety vulnerabilities and the need to proactively eliminate entire classes of software vulnerabilities.
The report advocates for the adoption of…
2024-03-13T11:17:26+00:00 https://www.veracode.com/blog/security-news/timely-shift-prioritizing-software-security-2024-digital-landscape www.secnews.physaphae.fr/article.php?IdArticle=8463264 False Vulnerability,Technical None 2.0000000000000000

Veracode - Application Security Research, News, and Education Blog
Practical Steps to Prevent SQL Injection Vulnerabilities

In today's digital landscape, web applications and APIs are constantly under threat from malicious actors looking to exploit vulnerabilities. A common and dangerous attack is a SQL injection. In this blog, we will explore SQL injection vulnerabilities and attacks, understand their severity levels, and provide practical steps to prevent them. By implementing these best practices, you can enhance the security of your web applications and APIs.

Understanding SQL Injection Vulnerabilities and Attacks
SQL injection attacks occur when hackers manipulate an application's SQL queries to gain unauthorized access, tamper with the database, or disrupt the application's functionality. These attacks can lead to identity spoofing, unauthorized data access, and chained attacks. SQL injection is a technique where hackers inject malicious SQL queries into a web application's backend database. This vulnerability arises when the application accepts user input as a SQL statement that the database…
2024-02-26T15:17:44+00:00 https://www.veracode.com/blog/secure-development/practical-steps-prevent-sql-injection-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8456060 False Vulnerability,Threat,Guideline,Technical None 3.0000000000000000