9 Questions For A Healthy Application Security Program
6/19/2015Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Post a Comment
Author
Profile of Patrick Thomas
Senior Security Consultant, Cisco Security Solutions Member Since: 6/13/2015Author
News & Commentary Posts: 1
Comments: 0
Patrick Thomas is a recovering software developer turned Senior Security Consultant with the Cisco Security Solutions group. As a penetration tester, he helps organizations understand attackers' views of their systems, and as a consultant he helps teams build practices and capabilities to secure them. With over 10 years of industry experience, Patrick is a regular speaker at security events including Black Hat, Defcon, Appsec Cali, SecTor and TROOPERS, where he focuses on offensive and defensive web technologies.
Articles by Patrick Thomas
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-14633
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-24
PUBLISHED: 2018-09-24
PUBLISHED: 2018-09-24
From DHS/US-CERT's National Vulnerability Database CVE-2018-14633
PUBLISHED: 2018-09-25
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The at...
CVE-2018-14647PUBLISHED: 2018-09-25
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming larg...
CVE-2018-10502PUBLISHED: 2018-09-24
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...
CVE-2018-11614PUBLISHED: 2018-09-24
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wit...
CVE-2018-14318PUBLISHED: 2018-09-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of ...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This