Advertise

Application Security

7/29/2020
06:05 PM

Jai Vijayan
Slideshows

Connect Directly

1 Comment
Comment Now

11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

More than 130 security researchers and developers are ready to showcase their work.

2 of 9

Application Security

xGitGuard

xGitGuard is an AI-based tool designed to help developers and contributors detect sensitive information, such as user credentials and API tokens, in code that is being posted to GitHub. The goal is to ensure that an organization's tokens and other confidential information are not publicly exposed on GitHub when pushing code into the repository.

Key feature/capability: "xGitGuard takes advantage of a new text-processing algorithm that can find secrets within files with a high level of accuracy."

Threagile

Threagile is an agile, developer-friendly open source tool for doing threat modeling from within the Integrated Development Environment (IDE). The goal is to help development organizations quickly capture the risk inherent within agile projects and to ensure that key security considerations are not overlooked.

Key feature/capability: "The open source Threagile toolkit can be executed as a simple docker container and runs either as a command line tool or a full-fledged server with a REST-API."

Image Source: wutzkohphoto via Shutterstock

2 of 9

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

100%

daneseelen,
User Rank: Apprentice
8/16/2020 | 3:13:05 PM

Interesting on the Purple Tool

I would be curious to try this out to see how well it works.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

NSA Appoints Rob Joyce as Cyber Director

Dark Reading Staff 1/15/2021

Vulnerability Management Has a Data Problem

Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

IFSEC Global, Staff, 1/14/2021

Webinars

What We Can Learn from Sports Analytics

How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance

ROI and Beyond for the Cloud

Webinar Archives

White Papers

How to Prioritize Risk Across the Cyberattack Surface

Passwordless: The Future of Authentication

The 2020 Duo Security Trusted Access Report

The Insider's Guide to IP Geolocation Data During COVID-19

Frost Radar: Global Threat Intelligence Platform Market

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This is not what I meant by "I would like to share some desk space"

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-1067
PUBLISHED: 2021-01-20

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

CVE-2021-1068
PUBLISHED: 2021-01-20

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

CVE-2021-1069
PUBLISHED: 2021-01-20

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.

CVE-2020-26252
PUBLISHED: 2021-01-20

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server ...

CVE-2020-26278
PUBLISHED: 2021-01-20

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is suppli...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]