RASP: A False Sense of Security For Apps & Data
8/17/2015Betting on a single runtime tool like RASP is not the solution for eliminating application security risk.
Post a Comment
Author
Profile of Mark Carrizosa
VP of Security, Soha Systems Member Since: 8/3/2015Author
News & Commentary Posts: 1
Comments: 3
Mark Carrizosa is the vice president of Security at Soha Systems, a cloud-based application security provider for enterprises and SaaS providers. Carrizosa joined Soha Systems in 2015 from Walmart where, as principal security architect, he developed and implemented the company's global e-commerce security architecture framework. Prior to Walmart, Carrizosa held security management roles at Wells Fargo and PetSmart.
Articles by Mark Carrizosa
Betting on a single runtime tool like RASP is not the solution for eliminating application security risk.
Post a Comment
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security DepartmentThis Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
How Enterprises Are Using IT Threat Intelligence
Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-20000
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-09
From DHS/US-CERT's National Vulnerability Database CVE-2018-20000
PUBLISHED: 2018-12-10
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.
CVE-2018-20001PUBLISHED: 2018-12-10
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.
CVE-2018-20002PUBLISHED: 2018-12-10
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
CVE-2018-19991PUBLISHED: 2018-12-10
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
CVE-2018-19653PUBLISHED: 2018-12-09
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This