The Promise & Peril Of The App Era
2/7/2017Sure, apps are convenient. But when not properly assessed, they can cause security holes.
Post a Comment
Author
Profile of Jason Kent
VP of Product Management, Web Application Security, Qualys News & Commentary Posts: 1Jason Kent is Vice President, Web Application Security Product Management at Qualys. Prior to that, he held technical security positions at Veracode, BlueCoat, Aruba, and Verizon. Through more than a decade of dedicated AppSec experience, he has established expertise in AppSec PenTesting, AppSec program architecture, and AppSec tools. His efforts helping Fortune 500 companies to maintain continuous security and compliance spans application security, infrastructure security, wireless security, and physical security. Jason has spoken at conferences such as ISC2 Security Congress, Northeastern OWASP events, and for Qualys at RSA and Black Hat. A US Navy Submarine Force Veteran, Jason is also passionate about putting security people together with their stakeholders.
Articles by Jason Kent
Sure, apps are convenient. But when not properly assessed, they can cause security holes.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Name that Toon: Risky Busine
Literalist at work, boss said do the job hanging from the ceiling.
{
You want anything else boss, Yes do the ...
Latest Comment: Name that Toon: Risky Busine
Literalist at work, boss said do the job hanging from the ceiling.
{
You want anything else boss, Yes do the ...
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-3914
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
From DHS/US-CERT's National Vulnerability Database CVE-2018-3914
PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can s...
CVE-2018-3915PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can sen...
CVE-2018-11240PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of S...
CVE-2018-11241PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
CVE-2018-16784PUBLISHED: 2018-09-21
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This