9 Questions For A Healthy Application Security Program
6/19/2015Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Post a Comment
Author
Profile of Patrick Thomas
Senior Security Consultant, Cisco Security Solutions Member Since: 6/13/2015Author
News & Commentary Posts: 1
Comments: 0
Patrick Thomas is a recovering software developer turned Senior Security Consultant with the Cisco Security Solutions group. As a penetration tester, he helps organizations understand attackers' views of their systems, and as a consultant he helps teams build practices and capabilities to secure them. With over 10 years of industry experience, Patrick is a regular speaker at security events including Black Hat, Defcon, Appsec Cali, SecTor and TROOPERS, where he focuses on offensive and defensive web technologies.
Articles by Patrick Thomas
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Post a Comment
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Current Issue
The Year in Security 2018This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
![[Sponsored Content] The State of Encryption and How to Improve It](https://twimgs.com/custom_content/Vera_Report.jpg)
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-6978
PUBLISHED: 2018-12-18
PUBLISHED: 2018-12-18
PUBLISHED: 2018-12-18
PUBLISHED: 2018-12-18
PUBLISHED: 2018-12-18
From DHS/US-CERT's National Vulnerability Database CVE-2018-6978
PUBLISHED: 2018-12-18
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the...
CVE-2018-20213PUBLISHED: 2018-12-18
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. NOTE: this is not a Microsoft product.
CVE-2017-15031PUBLISHED: 2018-12-18
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVE-2018-19522PUBLISHED: 2018-12-18
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input.
CVE-2018-1833PUBLISHED: 2018-12-18
IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This