Hacker News
- Zabbix – A Case Study of Unsafe Session Storage https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage 13 comments
- Supply Chain Attack on Composer https://blog.sonarsource.com/php-supply-chain-attack-on-composer 2 comments
Lobsters
- 10 Unknown Security Pitfalls for Python https://blog.sonarsource.com/10-unknown-security-pitfalls-for-python 7 comments python , security
- Modernizing your code with C++20 https://blog.sonarsource.com/modernizing-your-code-with-cpp20 6 comments c++
- The Rules of Three, Five and Zero https://blog.sonarsource.com/the-rules-of-three-five-and-zero/ 39 comments cpp
- Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3) https://blog.sonarsource.com/checkmk-rce-chain-2/ 2 comments netsec
- Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) https://blog.sonarsource.com/checkmk-rce-chain-1/ 2 comments netsec
- A New Supply Chain Attack on PHP https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/?f=lanjelot 2 comments netsec
- Argument Injection in Visual Studio Code < 1.67.1 (CVE-2022-30129) https://blog.sonarsource.com/securing-developer-tools-argument-injection-in-vscode/ 2 comments netsec
- Zimbra unauthenticated RCE via unrar path traversal (CVE-2022-30333) https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/ 4 comments netsec
- CVE-2022-30287 - Remote Code Execution via Email in Horde Webmail https://blog.sonarsource.com/horde-webmail-rce-via-email/ 4 comments netsec
- Yarn, Pip, Composer & co: Vulnerabilities in popular package managers https://blog.sonarsource.com/securing-developer-tools-package-managers 11 comments netsec
- Horde Webmail 5.2.22 - Account Takeover via Email https://blog.sonarsource.com/horde-webmail-account-takeover-via-email 3 comments netsec
- CVE-2022-23131 - Zabbix SAML Authentication Bypass https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage 2 comments netsec
- WordPress < 5.8.3 - Object Injection Vulnerability https://blog.sonarsource.com/wordpress-object-injection-vulnerability 10 comments netsec
- Modernizing your code with C++20 https://blog.sonarsource.com/modernizing-your-code-with-cpp20 28 comments cpp
- NoSQL Injections in Rocket.Chat https://blog.sonarsource.com/nosql-injections-in-rocket-chat/ 6 comments netsec
- Technical analysis of Composer Vulnerabilities https://blog.sonarsource.com/php-supply-chain-attack-on-composer 6 comments php
- WordPress 5.7 XXE Vulnerability https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/ 13 comments netsec
- Crafting regexes to avoid stack overflows https://blog.sonarsource.com/crafting-regexes-to-avoid-stack-overflows 7 comments programming
- Setting the right (regex) boundaries is important https://blog.sonarsource.com/setting-the-right-regex-boundaries-is-important 3 comments programming
- SonarQube, SonarCloud users have the tooling to own Code Security https://blog.sonarsource.com/code-security-now-theres-a-tool-for-developers?utm_medium=cpc&utm_source=reddit&utm_campaign=security%20gtm&utm_term=security&utm_content=tofu 3 comments programming
- RCE in OpenEMR 5.0.2.1 Electronic Medical Records https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability 14 comments netsec
- For secure code, maintainability matters https://blog.sonarsource.com/for-secure-code-maintainability-matters 4 comments programming
- Lay a strong foundation by writing secure C and C++ utilities https://blog.sonarsource.com/lay-a-strong-foundation-with-secure-c-and-cpp-utilities 3 comments programming
- Winning the race against TOCTOU vulnerabilities in C & C++ https://blog.sonarsource.com/winning-the-race-against-toctou-vulnerabilities 4 comments cpp
- False positives are our enemies, but may still be your friends https://blog.sonarsource.com/false-positives-our-enemies-but-maybe-your-friends 5 comments programming
- What's worse than coding without tests? Coding with bad tests https://blog.sonarsource.com/whats-worse-than-coding-without-tests-coding-with 4 comments programming
- Is SonarQube/SonarCloud of any use for NodeJS+React applications? https://blog.sonarsource.com/why-you-shouldnt-use-build-breaker 6 comments devops