www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-16T02:28:58+00:00 www.secnews.physaphae.fr

SonarSource - Blog Sécu et Codage
Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar
This post delves into an actual Jenkins vulnerability to understand the intricacies of deeper SAST for detecting deeply hidden code vulnerabilities. It illustrates how deeper SAST works and explains its impact on keeping your code clean and free of these serious issues.
2024-05-15T17:00:00+00:00 https://www.sonarsource.com/blog/sonar-power-of-deeper-sast www.secnews.physaphae.fr/article.php?IdArticle=8500405 False Vulnerability None None

SonarSource - Blog Sécu et Codage
Parallel Code Security: The Challenge of Concurrency
Parallelism has been around for decades, but it is still a source of critical vulnerabilities nowadays. This blog post details a severe vulnerability in the remote desktop gateway Apache Guacamole, highlighting the security risks of parallelism.
2024-05-14T15:00:00+00:00 https://www.sonarsource.com/blog/avocado-nightmare-2 www.secnews.physaphae.fr/article.php?IdArticle=8499599 False Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Code Interoperability: The Hazards of Technological Variety
The rapid development of different technologies doesn't come without risks.
This blog post details a critical vulnerability in the remote desktop gateway Apache Guacamole, which showcases the challenges of code interoperability.
2024-05-07T15:00:00+00:00 https://www.sonarsource.com/blog/avocado-nightmare-1 www.secnews.physaphae.fr/article.php?IdArticle=8495346 False Vulnerability None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Leveraging SonarQube, SonarCloud, and SonarLint for Effective Shift Left Practices
Speed and quality are no longer trade-offs in the modern software landscape - they're a tightly interwoven dance. That's where the "Shift Left" philosophy comes in, urging us to move critical checks and balances like code quality analysis earlier in the development lifecycle.
2024-05-01T17:00:00+00:00 https://www.sonarsource.com/blog/leveraging-sonarqube-sonarcloud-and-sonarlint-for-effective-shift-left-practices www.secnews.physaphae.fr/article.php?IdArticle=8492023 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis
The current software development approach of relying on unit testing to determine if code can be pushed to production isn't cutting it. Static code analysis must be incorporated into the development process to catch and help fix quality issues as well.
2024-04-30T17:00:00+00:00 https://www.sonarsource.com/blog/driving-devops-transformation-leveling-up-ci-cd-with-static-code-analysis www.secnews.physaphae.fr/article.php?IdArticle=8491439 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Legacy Codebases are a DevOps Issue
Explore how DevOps principles and practices can transform the challenge of managing legacy code into an opportunity for improvement.
This piece outlines actionable strategies for refactoring, the importance of automation, and adopting a 'Clean as You Code' approach to ensure sustainable code quality and efficiency.
2024-04-18T14:00:00+00:00 https://www.sonarsource.com/blog/legacy-codebases-are-a-devops-issue www.secnews.physaphae.fr/article.php?IdArticle=8484775 False None None 3.0000000000000000

SonarSource - Blog Sécu et Codage
SonarQube 10.5 Release Announcement
The 10.5 release of SonarQube includes support for Java 21, C++23, and TypeScript 5.4. Secrets detection analysis is faster and deeper SAST coverage has increased. Project onboarding is more simplified for GitLab, monorepos, Maven, and GitHub Actions. Read on to find out about these and much more.
2024-04-16T17:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-10-5-release-announcement www.secnews.physaphae.fr/article.php?IdArticle=8483704 False None None 1.00000000000000000000

SonarSource - Blog Sécu et Codage
Dangerous Import: SourceForge Patches Critical Code Vulnerability
Our Vulnerability Research team discovered a critical code vulnerability in SourceForge, which attackers could have used to poison deployed files and spread malware to millions of users.
2024-04-16T15:00:00+00:00 https://www.sonarsource.com/blog/dangerous-import-sourceforge-patches-critical-code-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8483496 False Malware,Vulnerability None 2.0000000000000000

SonarSource - Blog Sécu et Codage
AI-Generated Code Demands 'Trust, But Verify' Approach to Software Development
Pairing the "trust, but verify" approach with the power of Sonar's Clean Code solutions enables organizations to be confident that their AI-generated code is high-quality, maintainable, reliable, and
secure.
2024-04-11T13:00:00+00:00 https://www.sonarsource.com/blog/ai-generated-code-demands-trust-but-verify-approach-to-software-development www.secnews.physaphae.fr/article.php?IdArticle=8480091 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
C# Logging
Are you writing logging code in your app? Logging correctly can be tricky. It is an important part of tracking the progress of your app while running and determining the origin of problems when they arise. In this blog post Denis Troller walks you through common pitfalls and logging best practices when coding in C# with .NET.
2024-04-10T18:00:00+00:00 https://www.sonarsource.com/blog/csharp-logging www.secnews.physaphae.fr/article.php?IdArticle=8479384 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Apache Dubbo Consumer Risks: The Road Not Taken
Explore the lesser-known Apache Dubbo risks that weren't well documented until now, and delve into the importance of clean code ensuring clarity, maintainability, and comprehensibility.
2024-04-01T22:00:00+00:00 https://www.sonarsource.com/blog/apache-dubbo-consumer-risks www.secnews.physaphae.fr/article.php?IdArticle=8474636 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Ensuring the right usage of Java 21 new features
Last September 2023 Java 21 was released as the latest LTS (Long Time Support). But taking advantage of the changes and new features, which we are not used to including in our code, can be a tough task.
Also, it can lead to improper use or poor uptake, bugs, or basically not taking full advantage of new improvements.
2024-04-01T22:00:00+00:00 https://www.sonarsource.com/blog/ensuring-the-right-usage-of-java-21-new-features www.secnews.physaphae.fr/article.php?IdArticle=8479385 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Technical debt's impact on development speed and code quality
By acknowledging the impact of technical debt and embracing proactive solutions like Sonar, development teams can mitigate its effects and build software that is resilient, reliable, and scalable.
2024-03-27T08:00:00+00:00 https://www.sonarsource.com/blog/technical-debt-s-impact-on-development-speed-and-code-quality www.secnews.physaphae.fr/article.php?IdArticle=8471591 False Technical None 3.0000000000000000

SonarSource - Blog Sécu et Codage
DORA Compliance for Financial Entities
Leveraging Sonar solutions to ensure code security by design
2024-03-22T16:00:00+00:00 https://www.sonarsource.com/blog/dora-compliance-for-financial-entities www.secnews.physaphae.fr/article.php?IdArticle=8468313 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices
Our vulnerability researchers discovered critical vulnerabilities in Erxes with the help of SonarCloud.
Learn about the details and how to triage such issues in your own code!
2024-03-21T17:00:00+00:00 https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices www.secnews.physaphae.fr/article.php?IdArticle=8467999 False Vulnerability None 2.0000000000000000

SonarSource - Blog Sécu et Codage
__dirname is back in Node.js with ES modules
Node.js is reducing friction when using ES modules by making it easier to get the current module directory name
2024-03-21T07:00:17+00:00 https://www.sonarsource.com/blog/dirname-node-js-es-modules www.secnews.physaphae.fr/article.php?IdArticle=8467686 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
#CleanCodeTips: Unlock Your Coding Potential
As software development evolves, keeping up with best practices, the latest trends, and ensuring your code remains top-notch can feel like sailing uncharted waters. Sonar has the Clean Code tips for you!
2024-03-12T13:00:00+00:00 https://www.sonarsource.com/blog/cleancodetips-unlock-your-coding-potential www.secnews.physaphae.fr/article.php?IdArticle=8462733 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Reply to calc: The Attack Chain to Compromise Mailspring
Learn how an attacker can combine multiple security vulnerabilities to achieve arbitrary code execution on a victim that tries to reply or forward a malicious mail in Mailspring.
2024-03-11T23:00:00+00:00 https://www.sonarsource.com/blog/reply-to-calc-the-attack-chain-to-compromise-mailspring www.secnews.physaphae.fr/article.php?IdArticle=8462702 False Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Are You Ready For PCI DSS 4.0?
PCI DSS 3.2.1 is being retired on March 31, 2024.
Are you ready for the new standard, PCI DSS 4.0?
2024-03-07T15:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-pci-dss-4-0 www.secnews.physaphae.fr/article.php?IdArticle=8460915 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Increase readability with Java's Pattern Matching
Increase readability, reduce cognitive complexity, and avoid bugs that are hard to spot with Java's Pattern Matching.
2024-03-04T23:00:00+00:00 https://www.sonarsource.com/blog/increase-readability-with-java-s-pattern-matching www.secnews.physaphae.fr/article.php?IdArticle=8459378 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
OpenNMS Vulnerabilities: Securing Code against Attackers' Unexpected Ways
Learn which unexpected ways attackers may take to exploit code vulnerabilities and how to secure against them.
2024-02-29T16:00:00+00:00 https://www.sonarsource.com/blog/opennms-vulnerabilities-securing-code-against-attackers-unexpected-ways www.secnews.physaphae.fr/article.php?IdArticle=8457033 False Vulnerability,Threat None 2.0000000000000000

SonarSource - Blog Sécu et Codage
White House emphasizes need for proactive coding practices to counter cyber attacks
The ONCD recent report puts a spotlight on one of the most foundational issues that result in insecure software.
Sonar applauds the administration's call for addressing software vulnerabilities at the programming language and source code levels.
2024-02-29T14:00:00+00:00 https://www.sonarsource.com/blog/white-house-emphasizes-need-for-proactive-coding-practices-to-counter-cyber-attacks www.secnews.physaphae.fr/article.php?IdArticle=8456974 False Vulnerability None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Sonar Reaffirms Strength of its Information Security Management Systems by Earning The Latest ISO Certification, ISO27001:2022
As part of our continuously advancing and improving security practice, we are pleased to announce that Sonar and its products are now certified to the latest version of the ISO72001 standard.
2024-02-27T14:30:00+00:00 https://www.sonarsource.com/blog/sonar-reaffirms-strength-of-its-ISMS-by-earning-the-latest-iso-certification-iso27001-2022 www.secnews.physaphae.fr/article.php?IdArticle=8455912 False None None 3.0000000000000000

SonarSource - Blog Sécu et Codage
How timely delivery comes from transparent outsourced software development communication
Ineffective communication impacts everything in software development.
To ensure your next project meets expectations, transparent communication is essential for driving timely delivery when working with internal and external development teams.
2024-02-27T14:00:00+00:00 https://www.sonarsource.com/blog/how-timely-delivery-comes-from-transparent-outsourced-software-development-communication www.secnews.physaphae.fr/article.php?IdArticle=8455878 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Builders, Withers, and Records - Java's path to immutability
Spring framework offers a lot of help in the development, but we still have to pay attention and make the right use of it in order to avoid some issues.
2024-02-21T23:00:00+00:00 https://www.sonarsource.com/blog/builders-withers-and-records-java-s-path-to-immutability www.secnews.physaphae.fr/article.php?IdArticle=8453573 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Joomla: Multiple XSS Vulnerabilities
Our Clean Code solution, SonarCloud, led us to a severe security issue in the popular Content Management System Joomla.
2024-02-20T16:00:00+00:00 https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8452794 False Vulnerability None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Union, intersection, difference, and more are coming to JavaScript Sets
The JavaScript Set was introduced to the language in the ES2015 spec, but it has always seemed incomplete.
That's about to change with the addition of functions like intersection, union and difference.
2024-02-15T07:00:00+00:00 https://www.sonarsource.com/blog/union-intersection-difference-javascript-sets www.secnews.physaphae.fr/article.php?IdArticle=8450288 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Write cleaner React code with SonarQube 10.4
SonarQube 10.4 was recently released and it includes 48 new rules and one updated rule to help you to write clean code in your React applications.
2024-02-13T07:00:00+00:00 https://www.sonarsource.com/blog/clean-react-code-sonarqube www.secnews.physaphae.fr/article.php?IdArticle=8449548 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
New Web API V2
We are modernizing our Web API. In this post, Aurélien Poscia explains how and why.
2024-02-08T19:00:00+00:00 https://www.sonarsource.com/blog/new-web-api-v2 www.secnews.physaphae.fr/article.php?IdArticle=8448044 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Building the foundation for a strong AI future
Sonar is honored to participate in the newly established U.S. Artificial Intelligence Safety Institute Consortium (AISIC) effort and is excited to join other leaders at the forefront of AI development.
2024-02-08T14:00:00+00:00 https://www.sonarsource.com/blog/building-the-foundation-for-a-strong-ai-future www.secnews.physaphae.fr/article.php?IdArticle=8448018 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
5 Risks of Outsourcing Software Development and How to Avoid Them
Outsourcing software development requires a clear understanding of the potential risks.
In this blog, we discuss five risks of this widely adopted strategy and provide tactics to minimize risk in delivered software.
2024-02-07T14:00:00+00:00 https://www.sonarsource.com/blog/5-risks-of-outsourcing-software-development-and-how-to-avoid-them www.secnews.physaphae.fr/article.php?IdArticle=8447702 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
SonarQube 10.4 Release Announcement
The SonarQube 10.4 release includes some exciting changes that show the benefit of Clean Code and the Clean as You Code methodology. Scan times are faster and connecting to SonarLint is easier. Sonar is introducing easy onboarding for GitLab, new support for Helm Charts, and much more.
2024-02-06T15:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-10-4-release-announcement www.secnews.physaphae.fr/article.php?IdArticle=8447484 False None None 1.00000000000000000000

SonarSource - Blog Sécu et Codage
Pitfalls of Desanitization: Leaking Customer Data from osTicket
The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.
2024-02-06T14:00:00+00:00 https://www.sonarsource.com/blog/pitfalls-of-desanitization-leaking-customer-data-from-osticket www.secnews.physaphae.fr/article.php?IdArticle=8447392 False Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Juliet C# Benchmark and the SecureString case
Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# analyzer.
Here is a glimpse of the work we did around Juliet and some of its test cases related to the SecureString .NET type.
2024-02-01T08:00:00+00:00 https://www.sonarsource.com/blog/juliet-c-benchmark-and-the-securestring-case www.secnews.physaphae.fr/article.php?IdArticle=8445509 False None None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Who are you? The Importance of Verifying Message Origins
This blog post highlights the importance of verifying the origin of JavaScript message events and outlines the potential impact of omitting this by detailing two critical vulnerabilities in the Squidex application.
2024-01-28T23:00:00+00:00 https://www.sonarsource.com/blog/who-are-you-the-importance-of-verifying-message-origins www.secnews.physaphae.fr/article.php?IdArticle=8444459 False Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team.
Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.
2024-01-24T23:00:00+00:00 https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins www.secnews.physaphae.fr/article.php?IdArticle=8442978 False Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Blazor
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows
2024-01-23T19:00:00+00:00 https://www.sonarsource.com/blog/blazor www.secnews.physaphae.fr/article.php?IdArticle=8442279 False None None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Lessons learned upgrading to React 18 in SonarQube
We share the biggest three issues we faced and the lessons we learned as we upgraded SonarQube to React 18.
2024-01-17T07:00:00+00:00 https://www.sonarsource.com/blog/upgrading-react-18-sonarqube www.secnews.physaphae.fr/article.php?IdArticle=8439844 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Vulnerability Research Highlights 2023
Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2023.
2024-01-03T23:00:00+00:00 https://www.sonarsource.com/blog/vulnerability-research-highlights-2023 www.secnews.physaphae.fr/article.php?IdArticle=8434521 False Vulnerability,Studies None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Sonar's Scoring on the Top 3 Python SAST Benchmarks
We're excited to share not only how Sonar performs on Python benchmarks but also the ground truth corresponding to the list of expected and not-so-expected issues.
2023-12-28T14:00:00+00:00 https://www.sonarsource.com/blog/sonar-scoring-on-the-top-3-python-sast-benchmarks
www.secnews.physaphae.fr/article.php?IdArticle=8430314 False None None 3.0000000000000000

SonarSource - Blog Sécu et Codage
2024 DevOps Predictions from the Sonar Developer Advocate Team
The Developer Advocate team shares their predictions on what they foresee for DevOps trends and hot topics in 2024.
2023-12-21T14:00:00+00:00 https://www.sonarsource.com/blog/2024-devops-predictions-from-the-sonar-developer-advocate-team www.secnews.physaphae.fr/article.php?IdArticle=8426842 False Prediction None 3.0000000000000000

SonarSource - Blog Sécu et Codage
2024 Security Predictions from the Sonar Research Team
Reflecting on changes in the industry over the past year, as well as the research we've published, the Sonar Vulnerability Research team came together and compiled our thoughts on what we foresee for cybersecurity in 2024.
2023-12-14T14:00:00+00:00 https://www.sonarsource.com/blog/2024-security-predictions-from-the-sonar-research-team www.secnews.physaphae.fr/article.php?IdArticle=8422722 False Vulnerability,Prediction None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Sonar @ Black Hat Europe!
Last week, several SonarSourcers traveled to London to attend our third Black Hat event of the year. Here's what happened!
2023-12-13T23:00:00+00:00 https://www.sonarsource.com/blog/sonar-black-hat-europe www.secnews.physaphae.fr/article.php?IdArticle=8422792 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
pfSense Security: Sensing Code Vulnerabilities with SonarCloud
Our Clean Code solution SonarCloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0.
Let's see how SonarCloud found them and how it can keep your code clean.
2023-12-11T23:00:00+00:00 https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud www.secnews.physaphae.fr/article.php?IdArticle=8421547 False Vulnerability None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Spring framework pitfalls
Spring framework offers a lot of help in the development, but we still have to pay attention and make the right use of it in order to avoid some issues.
2023-12-10T23:00:00+00:00 https://www.sonarsource.com/blog/spring-framework-pitfalls www.secnews.physaphae.fr/article.php?IdArticle=8424665 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Stop nesting ternaries in JavaScript
Nesting ternary operators makes code more complex and less clear. Let's investigate other ways to write conditional expressions.
2023-12-07T07:00:00+00:00 https://www.sonarsource.com/blog/stop-nesting-ternaries-javascript www.secnews.physaphae.fr/article.php?IdArticle=8419785 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Unraveling the Costs of Bad Code in Software Development
Not only does bad code cost companies millions of dollars, but countless hours of lost time, productivity, and brand reputation too. By acknowledging the existence of bad code and implementing proactive measures to mitigate its impact, developers and organizations can steer software toward success.
2023-12-05T14:00:00+00:00 https://www.sonarsource.com/blog/unraveling-the-costs-of-bad-code-in-software-development www.secnews.physaphae.fr/article.php?IdArticle=8419277 False None None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Secrets Detection
What are hard coded secrets? Why do you care if secrets are hidden in your code?
How does Sonar help prevent secrets from getting into your code, entering your repository, and leaking out from your CI/CD pipeline? In this post, Product Manager, Alex Gigleux, answers all your questions.
2023-11-29T23:00:00+00:00 https://www.sonarsource.com/blog/secrets-detection www.secnews.physaphae.fr/article.php?IdArticle=8418172 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Sonar is “On the Radar”: New Omdia Report
Omdia - an analyst firm that provides decades of industry experience, world-class research and consultancy, and actionable insights in over 200 markets - has published research about Sonar, our solutions, and recent innovations of deeper SAST and zero-configuration automatic analysis for C/C++. The research digs into why Sonar should be on your radar and also takes a look at the market view as well as from a current positioning.
2023-11-28T23:00:00+00:00 https://www.sonarsource.com/blog/sonar-is-on-the-radar-new-omdia-report www.secnews.physaphae.fr/article.php?IdArticle=8417869 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3)
It's time to wrap up our series on the security of Visual Studio Code with new vulnerabilities in the NPM integration, bypassing the Workspace Trust security feature.
2023-11-20T23:00:00+00:00 https://www.sonarsource.com/blog/vscode-security-finding-new-vulnerabilities-npm-integration www.secnews.physaphae.fr/article.php?IdArticle=8415359 False Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Top issues in Java projects
Top issues in Java projects
2023-11-20T23:00:00+00:00 https://www.sonarsource.com/blog/top-issues-in-java-projects
www.secnews.physaphae.fr/article.php?IdArticle=8417870 False Guideline None 3.0000000000000000

SonarSource - Blog Sécu et Codage
SonarQube 10.3 Release Announcement
The new SonarQube 10.3 release is out now, including Secrets Detection at the Source, Clean Code Taxonomy & Clean as You Code Updates, Automate Provisioning GitHub Projects and Teams, 2023 CWE Top 25 Report, the Blazor Framework, and Stronger Security.
2023-11-15T15:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-10-3-release-announcement www.secnews.physaphae.fr/article.php?IdArticle=8412529 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)
We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.
2023-11-14T18:00:00+00:00 https://www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions www.secnews.physaphae.fr/article.php?IdArticle=8411977 False Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Sonar's Scoring on the Top 3 C# SAST Benchmarks
Sonar's Scoring on the Top 3 C# SAST Benchmarks
2023-11-07T23:00:00+00:00 https://www.sonarsource.com/blog/sonar-s-scoring-on-the-top-3-c-sast-benchmarks www.secnews.physaphae.fr/article.php?IdArticle=8408498 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)
We took a look at the security of the most popular code editor, Visual Studio Code!
This blog post covers common risks and attack surfaces so you know what to expect when using it.
2023-11-07T16:00:00+00:00 https://www.sonarsource.com/blog/visual-studio-code-security-deep-dive-into-your-favorite-editor www.secnews.physaphae.fr/article.php?IdArticle=8407348 False Tool,Vulnerability None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Linux Foundation Chat: Open Source & Clean Code
Linux Foundation Executive Director Jim Zemlin joins Sonar Founder and co-CEO Olivier Gaudin to discuss Clean Code, open-source development, cybersecurity, and more!
2023-11-07T12:00:00+00:00 https://www.sonarsource.com/blog/linux-foundation-chat-open-source-clean-code www.secnews.physaphae.fr/article.php?IdArticle=8407284 False None None 2.0000000000000000

SonarSource - Blog Sécu et Codage
BlogPost | 9 Steps to get the most out of your SonarCloud Trial
To maximize the benefits of your SonarCloud trial, it's essential to approach the trial with a clear plan. Start a 14-day trial for your private projects & repositories completely free to get all the features of the application that you can get as a paid subscription.
2023-11-04T13:00:00+00:00 https://www.sonarsource.com/blog/sonarcloud-trial-experience www.secnews.physaphae.fr/article.php?IdArticle=8407408 False None None 3.0000000000000000

SonarSource - Blog Sécu et Codage
BlogPost | Shifting Right for Secure Platforms and DevOps
Dev tooling is not only helping shift issues left, but the tools also help identify issues that happen later, or to the right, in the development lifecycle.
Like detecting secrets before they go into production or platform configuration issues.
2023-10-25T13:00:00+00:00 https://www.sonarsource.com/blog/shifting-right-for-secure-platforms-and-devops www.secnews.physaphae.fr/article.php?IdArticle=8400146 False Tool None 2.0000000000000000

SonarSource - Blog Sécu et Codage
BlogPost | Highlights from Hexacon 2023
Last week, members of our AppSec and Vulnerability Research teams attended the Hexacon in Paris to learn, share, and network. Read more about our highlights.
2023-10-18T22:00:00+00:00 https://www.sonarsource.com/blog/hexacon2023-highlights www.secnews.physaphae.fr/article.php?IdArticle=8397736 False Vulnerability None 2.0000000000000000

SonarSource - Blog Sécu et Codage
What is Clean Code?
If you've followed us for a while, you most likely noticed that we changed the way we describe what we do. It feels like in the last couple of years, we finally managed to settle on what we had been looking for from the beginning: Clean Code. But what is Clean Code, and what does it encompass?
2023-10-18T13:00:00+00:00 https://www.sonarsource.com/blog/what-is-clean-code www.secnews.physaphae.fr/article.php?IdArticle=8397384 False General Information None 3.0000000000000000

SonarSource - Blog Sécu et Codage
Security Vulnerabilities in CasaOS
We recently uncovered two critical code vulnerabilities in the personal cloud system CasaOS.
Let's see what we can learn from them. 2023-10-17T12:00:00+00:00 https://www.sonarsource.com/blog/security-vulnerabilities-in-casaos www.secnews.physaphae.fr/article.php?IdArticle=8396615 False Vulnerability,Cloud None 2.0000000000000000
SonarSource - Blog Sécu et Codage Java SAST Benchmarks: why you shouldn't trust them blindly Java SAST Benchmarks: why you shouldn't trust them blindly 2023-10-11T22:00:00+00:00 https://www.sonarsource.com/blog/java-sast-benchmarks-why-you-shouldn-t-trust-them-blindly www.secnews.physaphae.fr/article.php?IdArticle=8395044 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Interview with Sonar Java Enthusiasts Interview with Sonar Java Enthusiasts 2023-10-09T22:00:00+00:00 https://www.sonarsource.com/blog/interview-with-sonar-java-enthusiasts www.secnews.physaphae.fr/article.php?IdArticle=8393718 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage ISMG Interview - Securing Applications, Accelerating DevOps with Clean Code Sonar founder and co-CEO, Olivier Gaudin, sits down with ISMG's Tom Field at Black Hat USA 2023 to discuss how development can be improved to avoid security issues. 2023-10-05T13:00:00+00:00 https://www.sonarsource.com/blog/ismg-interview-securing-applications-accelerating-devops-with-clean-code www.secnews.physaphae.fr/article.php?IdArticle=8391951 False None None 3.0000000000000000
SonarSource - Blog Sécu et Codage Why I'm passionate about Static Analysis and how I helped make it better Why I'm passionate about Static Analysis and how I helped make it better 2023-10-02T22:00:00+00:00
https://www.sonarsource.com/blog/why-i-m-passionate-about-static-analysis-and-how-i-helped-make-it-better www.secnews.physaphae.fr/article.php?IdArticle=8390833 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage A comprehensive guide to the dangers of Regular Expressions in JavaScript A deep investigation into regular expression denial of service (ReDoS) vulnerabilities in JavaScript 2023-09-29T07:00:00+00:00 https://www.sonarsource.com/blog/vulnerable-regular-expressions-javascript www.secnews.physaphae.fr/article.php?IdArticle=8389136 False Vulnerability None 3.0000000000000000
SonarSource - Blog Sécu et Codage Unzipping Dangers: OpenRefine Zip Slip Vulnerability Extracting archives can be very dangerous. Read more about a critical Zip Slip vulnerability SonarCloud detected in the open-source application OpenRefine. 2023-09-27T22:00:00+00:00 https://www.sonarsource.com/blog/openrefine-zip-slip www.secnews.physaphae.fr/article.php?IdArticle=8389097 False Vulnerability None 2.0000000000000000
SonarSource - Blog Sécu et Codage Open Source Summit 2023 Open Source Summit 2023 2023-09-26T22:00:00+00:00 https://www.sonarsource.com/blog/open-source-summit-2023 www.secnews.physaphae.fr/article.php?IdArticle=8389077 False Conference None 3.0000000000000000
SonarSource - Blog Sécu et Codage Sonar's Scoring on the Top 3 Java SAST Benchmarks Enhancing SAST Detection: Sonar's Scoring on the Top 3 Java SAST Benchmarks 2023-09-26T22:00:00+00:00 https://www.sonarsource.com/blog/sonar-s-scoring-on-the-top-3-java-sast-benchmarks www.secnews.physaphae.fr/article.php?IdArticle=8388235 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage 5 Clean
Code Tips for Reducing Cognitive Complexity Understanding how Cognitive Complexity works will help guide you on where to focus your time. This blog dives into how this Sonar-exclusive metric was formulated to accurately measure the relative understandability of methods. 2023-09-22T13:00:00+00:00 https://www.sonarsource.com/blog/5-clean-code-tips-for-reducing-cognitive-complexity www.secnews.physaphae.fr/article.php?IdArticle=8386867 False General Information None 3.0000000000000000
SonarSource - Blog Sécu et Codage Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity Our Vulnerability Research team discovered a critical vulnerability in the popular CI/CD server TeamCity, which attackers could use to steal source code and poison build artifacts. 2023-09-20T22:00:00+00:00 https://www.sonarsource.com/blog/teamcity-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8386380 False Vulnerability None 2.0000000000000000
SonarSource - Blog Sécu et Codage Remote Code Execution in Tutanota Desktop due to Code Flaw Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented. 2023-09-20T15:00:00+00:00 https://www.sonarsource.com/blog/remote-code-execution-in-tutanota-desktop-due-to-code-flaw www.secnews.physaphae.fr/article.php?IdArticle=8385883 False Vulnerability,Vulnerability None 3.0000000000000000
SonarSource - Blog Sécu et Codage The new JDK LTS is out! Long live JDK 21!
Let's check what the new Java JDK21 LTS brings 2023-09-19T22:00:00+00:00 https://www.sonarsource.com/blog/the-new-jdk-lts-is-out-long-live-jdk-21 www.secnews.physaphae.fr/article.php?IdArticle=8385676 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Enhancing Software Development Practices through SonarQube: A Path to Continuous Learning With SonarQube, organizations can readily deploy workflows integrated directly into their pipelines to build on their teams' skill sets and create resiliency to new risks. 2023-09-14T13:00:00+00:00 https://www.sonarsource.com/blog/enhancing-software-development-practices-through-sonarqube www.secnews.physaphae.fr/article.php?IdArticle=8382643 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Typing your JavaScript without writing TypeScript TypeScript already understands JavaScript, but you can get more out of it when you add types to your JavaScript with JSDoc or TypeScript declaration files 2023-09-13T07:00:00+00:00 https://www.sonarsource.com/blog/typing-javascript-without-typescript www.secnews.physaphae.fr/article.php?IdArticle=8382155 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Code Vulnerabilities Put Skiff Emails at Risk Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota.
This post covers the technical details of the XSS vulnerability in Skiff. 2023-09-12T16:00:00+00:00 https://www.sonarsource.com/blog/code-vulnerabilities-put-skiff-emails-at-risk www.secnews.physaphae.fr/article.php?IdArticle=8381908 False Vulnerability None 3.0000000000000000
SonarSource - Blog Sécu et Codage Security Guy TV Interview - Going Deeper with SAST and Clean Code Sonar CEO, Olivier Gaudin, and Head of Research and Development, Johannes Dahse, meet with Security Guy TV's Chuck Harold to discuss deeper SAST and the importance of Clean Code. 2023-09-08T04:00:00+00:00 https://www.sonarsource.com/blog/security-guy-interview-deeper-with-sast-clean-code www.secnews.physaphae.fr/article.php?IdArticle=8381264 False None None 3.0000000000000000
SonarSource - Blog Sécu et Codage Get the benefits of TypeScript in your JavaScript Let's dive into what you can do to get more and more of TypeScript's benefits in your JavaScript projects. 2023-09-07T07:00:00+00:00 https://www.sonarsource.com/blog/benefits-typescript-in-your-javascript www.secnews.physaphae.fr/article.php?IdArticle=8381265 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Introducing SonarQube 10.2: Setting New Standards in Code Quality and Security Discover the new features in SonarQube 10.2! 2023-09-06T13:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-10-2-new-standards-in-code-quality-and-security www.secnews.physaphae.fr/article.php?IdArticle=8381266 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Playing Dominos with Moodle's Security (2/2) Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the
use of not impactful bugs. 2023-08-28T22:00:00+00:00 https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-2 www.secnews.physaphae.fr/article.php?IdArticle=8381268 False Vulnerability None 2.0000000000000000
SonarSource - Blog Sécu et Codage Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress Enhancing Static Application Security Testing SAST, leverage benchmarks for tracking our progress. 2023-08-23T22:00:00+00:00 https://www.sonarsource.com/blog/enhancing-sast-detection-leveraging-benchmarks-for-measuring-progress www.secnews.physaphae.fr/article.php?IdArticle=8381269 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage BlackHat 2023: Hackers, Casinos, and an Exciting Announcement The Sonar team of developers are just returning from their trip to Las Vegas where they attended BlackHat USA 2023. If you were not able to make it, here is what you missed. 2023-08-18T10:00:00+00:00 https://www.sonarsource.com/blog/blackhat-2023-overview www.secnews.physaphae.fr/article.php?IdArticle=8381271 False None None 3.0000000000000000
SonarSource - Blog Sécu et Codage What is deeper SAST in JavaScript?
What is SAST, what does deeper SAST mean, and how does this apply to your JavaScript and TypeScript applications? 2023-08-17T07:00:00+00:00 https://www.sonarsource.com/blog/deeper-sast-javascript www.secnews.physaphae.fr/article.php?IdArticle=8381272 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Patches, Collisions, and Root Shells: A Pwn2Own Adventure We dive into the technical details of the vulnerabilities we identified as part of last year's Pwn2Own competition. 2023-08-14T22:00:00+00:00 https://www.sonarsource.com/blog/patches-collisions-and-root-shells-a-pwn2own-adventure www.secnews.physaphae.fr/article.php?IdArticle=8381273 False Vulnerability,Conference None 3.0000000000000000
SonarSource - Blog Sécu et Codage No, C++ static analysis does not have to be painful No, C and C++ static analysis does not need to mean difficult configuration and pain. We explain how Sonar has made the impossible possible with one-click analysis for projects hosted in GitHub. A free automatic analysis of C and C++ projects. 2023-08-13T22:00:00+00:00 https://www.sonarsource.com/blog/no-c-static-analysis-does-not-have-to-be-painful www.secnews.physaphae.fr/article.php?IdArticle=8381274 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage WeAreDevelopers 2023 - what did you miss? The Sonar team of developers are just returning from their trip to Berlin where they attended WeAreDevelopers 2023.
If you were not able to make it, here is what you missed. 2023-08-10T22:00:00+00:00 https://www.sonarsource.com/blog/wearedevelopers-2023-what-did-you-miss www.secnews.physaphae.fr/article.php?IdArticle=8381275 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Uncovering hidden security vulnerabilities with deeper SAST Uncovering security vulnerabilities is particularly challenging because these issues can be complex and deeply hidden when your code uses and interacts with third-party dependency code. We are excited to share more about a major breakthrough in our detection of deeply hidden security vulnerabilities that traditional tools cannot detect. 2023-08-09T13:00:00+00:00 https://www.sonarsource.com/blog/deeper-sast-uncovers-hidden-security-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8381276 False Tool,Vulnerability None 2.0000000000000000
SonarSource - Blog Sécu et Codage Working with Multiple Code Variants in C++ Multiple variants of C++ code-bases at build time are a necessary evil on most projects - even if that's just debug and release. This has always made analysis more complex. But now, with first class support in SonarQube, multiple code variants are easier to analyze and understand. 2023-08-02T23:00:00+00:00 https://www.sonarsource.com/blog/working-with-multiple-code-variants-in-cpp www.secnews.physaphae.fr/article.php?IdArticle=8381277 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State Unexpected application states are often overlooked and can introduce severe security vulnerabilities.
Read more about this real-world example. 2023-07-19T22:00:00+00:00 https://www.sonarsource.com/blog/a-twist-in-the-code-openmeetings-vulnerabilities-through-unexpected-application-state www.secnews.physaphae.fr/article.php?IdArticle=8381278 False Vulnerability None 2.0000000000000000
SonarSource - Blog Sécu et Codage New Research from Sonar on Cost of Technical Debt New original research from Sonar puts a spotlight on the millions of dollars that businesses lose when they fail to implement an optimal approach for software development. 2023-07-19T15:00:00+00:00 https://www.sonarsource.com/blog/new-research-from-sonar-on-cost-of-technical-debt www.secnews.physaphae.fr/article.php?IdArticle=8381279 False None None 3.0000000000000000
SonarSource - Blog Sécu et Codage How Sonar Developer Advocates got started in their careers Interviews with Sonar's Developer Advocates on their careers and what Clean Code means to them. 2023-07-18T13:00:00+00:00 https://www.sonarsource.com/blog/sonar-developer-advocates-careers www.secnews.physaphae.fr/article.php?IdArticle=8381280 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Why SonarQube 9.9 LTS is a must-have for PHP Developers PHP analysis gets faster and better with new rules, fixed false-positives, and much more in SonarQube 9.9 LTS. 2023-07-13T09:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-99-lts-php-developers www.secnews.physaphae.fr/article.php?IdArticle=8381281 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage TROOPERS 2023 Conference Takeaways Read about our key takeaways from TROOPERS 2023, including our favorite talks and overall experience during the two-day conference.
2023-07-05T22:00:00+00:00 https://www.sonarsource.com/blog/troopers-2023-conference-takeaways www.secnews.physaphae.fr/article.php?IdArticle=8381282 False Conference,Conference None 3.0000000000000000
SonarSource - Blog Sécu et Codage TyphoonCon 2023 Wrap Up Last week, our Vulnerability Researchers traveled to TyphoonCon 2023 in Seoul to present their talk "Patches, collisions and root shells: a Pwn2Own Adventure". 2023-06-29T22:00:00+00:00 https://www.sonarsource.com/blog/typhooncon-2023-wrap-up www.secnews.physaphae.fr/article.php?IdArticle=8381283 False Vulnerability None 2.0000000000000000
SonarSource - Blog Sécu et Codage Why ORMs and Prepared Statements Can't (Always) Win We always assume prepared statements and ORMs are enough to protect us from SQL injection, but be careful not to misuse their APIs! Let's look into a real-world case and see what we can learn from it. 2023-06-26T22:00:00+00:00 https://www.sonarsource.com/blog/why-orms-and-prepared-statements-cant-always-win www.secnews.physaphae.fr/article.php?IdArticle=8381284 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Why SonarQube 9.9 LTS is a must-have for JavaScript and TypeScript Developers Read about the new features of SonarQube 9.9 LTS which help JavaScript and TypeScript developers to write Clean Code. 2023-06-22T07:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-99-lts-javascript-typescript-developers www.secnews.physaphae.fr/article.php?IdArticle=8381285 False None None 1.00000000000000000000
SonarSource - Blog Sécu et Codage SonarQube 10.1 Release Smoother centralized access management with GitHub, multiple code variant analysis for C/C++, a big coverage boost in Java security, and more in the latest from
SonarQube. 2023-06-21T05:00:00+00:00 https://www.sonarsource.com/blog/sonarqube-10-1-release www.secnews.physaphae.fr/article.php?IdArticle=8381286 False None None 1.00000000000000000000
SonarSource - Blog Sécu et Codage Smarter Together: Fostering a culture of collaboration and growth at Sonar The Sonar culture is the shared vision, mission, values, and behaviors that make up our day-to-day experience at Sonar. Our goal as an organization is that our culture will unite and motivate SonarSourcers to work and grow together and achieve company goals while creating meaningful benevolent relationships. Discover more about our Smarter Together core value in this blog post. 2023-06-14T22:00:00+00:00 https://www.sonarsource.com/blog/smarter-together-fostering-a-culture-of-collaboration-and-growth-at-sonar www.secnews.physaphae.fr/article.php?IdArticle=8381287 False None None 2.0000000000000000
SonarSource - Blog Sécu et Codage Sonar at JSNation 2023 in Amsterdam We take a look at our highlights from JSNation 2023 in Amsterdam, including our favourite talks, memorable conversations and key takeaways. 2023-06-12T22:00:00+00:00 https://www.sonarsource.com/blog/sonar-at-jsnation-2023-in-amsterdam www.secnews.physaphae.fr/article.php?IdArticle=8381288 False Conference None 2.0000000000000000
SonarSource - Blog Sécu et Codage What Mr. Miyagi can teach you about writing Clean Code Just like it's not enough to simply practice karate for Mr. Miyagi, it's not enough for Sonar to find and fix issues when guiding developers to practice Clean Code.
Developers should be able to find, understand, and fix issues to write Clean Code optimally. 2023-06-06T13:00:00+00:00 https://www.sonarsource.com/blog/what-mr-miyagi-can-teach-about-clean-code www.secnews.physaphae.fr/article.php?IdArticle=8381289 False None None 3.0000000000000000