A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.| The GitHub Blog
This article gives an introduction to ethical hacking and web application penetration testing, and how it differs from for other types of penetration tests. We cover the basic principles of penetration testing and a simplified model for pentesting methodology. It will highlight key aspects of a high-quality security review, where the penetration test plays a big part, and the importance for developers to embrace a hacker's mindset (and vice-versa)| securityblog.omegapoint.se
Description When Samsung Shannon baseband receives message P-TMSI REALLOCATION COMMAND (9.4.7 in TS 24.008) from network, the length of the Mobile Identity IE (10.5.1.4) is not properly checked. Mobile identity data is directly copied to a stack buffer without prior size check. This stack …| fred's notes
Vulnerability Metrics| nvd.nist.gov
In this post, I am going to look at an increasingly important part of securing applications: Your supply chain. This includes every library, tool or service that you are using to build, run and monitor your service. When the log4shell vulnerability hit, it wasn’t just a matter of looking at the dependencies that your source code pulls in, but also at the infrastructure you’re using and the build pipeline. Have you had a look at the vulnerability reports of your dependencies lately?| beny23.github.io