AutoFix: Automated Vulnerability Remediation using Static Analysis and LLMs

In the rapidly evolving world of software development, security remains a paramount concern. With the increasing complexity of applications and the ever-present threat of cyber attacks, developers and security teams are in a constant race to identify and fix vulnerabilities. This is where AutoFix, a groundbreaking tool, enters the picture.

Read More

Is the World Ready for the New Generation of Self-Propagating Ransomware?

Self-propagating threats such as WannaCry and Petya were only the tips of the iceberg. The success hackers enjoyed with WannaCry and Petya makes it quite likely others will try to replicate the tactics used by deploying ransomware as a worm. The propagation mechanisms employed by both ransomware families enabled the threats to spread quickly across an entire computer network. In this article, we will see how do they work and what are organizations doing to prepare themselves for the likelihood of the more pronounced threat.

Read More

The Impact of DevOps on Application Performance Management

Application Performance Mangement or APM refers to the practice of monitoring the performance of your code, application, runtimes, and overall user experience. In this article, we will talk about how DevOps impacts APM and how you can adjust to the new software supply chain.

Read More

Companies Lax on Open Source Risk

Recently, a survey done on open source risk found that enterprises are not proactive in managing and securing the use open source. Almost 40% of respondants said that no one in their company was responsible for open source compliance. Use of insecure components and vulnerable open source libraries is on a rise in enterprise applications.

Read More

5 Steps Towards GDPR Compliance

On 25th May 2018 the EU General Data Protection Regulation (GDPR) will become enforceable. It will change how businesses and public sector organizations can handle information of customers and users. GDPR is Europe’s new framework for data protection laws and replaces existing data protection directive. The full text of the regulation can be found here. In this article, we will cover five basic steps an organization can take in order to ensure GDPR compliance.

Read More

Protecting Spring Boot Apps with Botwall4J

Botwall4J is an open-source library that can help protect Java web applications from bots, content scrapers and automated account hijacking attempts. In this article, we will see how simple it is to integrate botwall4j with a Spring Boot application and get protection from bots without any code changes.

Read More

Continuous fuzzing of Java projects with GramTest

GramTest is a Java-based tool that allows you to generate random test cases based on BNF grammars. It is an open-source project and can be downloaded from GitHub. In this article, we will see how you can use GramTest to generate continuous tests that can in-turn be used to fuzz Java libraries and applications.

Read More

Lambda Security is up and running!

I have always been interested in the interplay between programming languages and software security. In particular, isn’t it nice that there are class of vulnerabilities that can be eliminated by designing a different programming language? For example, consider buffer overflow, it is one of the most common defects in C but is almost absent in a language like Java. This site will be an avenue for sharing some thoughts around software security and computer programming.

Read More