CVE-2020-22669

Read Time:13 Second

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

Read More

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

Read Time:33 Second

The Open Source Security Foundation (OpenSSF) has released the npm Best Practices Guide to help JavaScript and TypeScript developers reduce the security risks associated with using open-source dependencies. The guide, a product of the OpenSSF Best Practices Working Group, focuses on dependency management and supply chain security for npm and covers various areas such as how to set up a secure CI configuration, how to avoid dependency confusion, and how to limit the consequences of a hijacked dependency. The release comes as developers increasingly share and use dependencies which, while contributing to faster development and innovation, can also introduce risks.

To read this article in full, please click here

Read More