Posts on the topic 'GitHub Security Lab' | DevsDay.ru


Development The GitHub Blog July 27, 2022, 17:00

In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability...... read more

Security GitHub Security Lab

Development The GitHub Blog July 1, 2022, 15:22

Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly.... read more

Company Product Security GitHub Actions GitHub Issues

Development The GitHub Blog June 29, 2022, 18:39

In this post I'll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I'll also look at some past vulnerabi...... read more

Security GitHub Security Lab

Development The GitHub Blog June 16, 2022, 16:00

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Andro...... read more

Security GitHub Security Lab

Development The GitHub Blog June 10, 2022, 19:12

How can you robustly assert and identify a user’s identity?... read more

Community Company OWASP OWASP Top 10 Proactive Controls

Development The GitHub Blog June 1, 2022, 21:09

Read about all the features you may not have known come on the GitHub Free plan, and how to choose the right plan for you.... read more

Product

Development The GitHub Blog May 6, 2022, 15:52

We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.... read more

Product Security code scanning Dependabot GitHub Security Lab

Development The GitHub Blog April 22, 2022, 16:30

Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.... read more

Security GitHub Security Lab

Development The GitHub Blog April 19, 2022, 17:00

Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.... read more

Engineering Security code scanning CodeQL GitHub Advanced Security

DevOps ubuntu.com April 6, 2022, 12:37

When you use open source software, you establish a connection with its maintainers, contributors, and users. You join a community, leveraging code and knowledge. You share bugs, solutions, recommendations, and challenges. Open source accelerates inno...... read more

robotics thestateofrobotics

Development The GitHub Blog April 5, 2022, 15:50

From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.... read more

Company Engineering Product GitHub Actions

DevOps DZone DevOps March 26, 2022, 14:59

This is an article from DZone's 2022 DevOps Trend Report. For more: Read the Report Continuous integration (CI) and continuous delivery (CD) are crucial parts of developing and maintaining any cloud-native application. From my experience, proper...... read more

devops ci/cd cloud native applications azure devops ci cd pipeline iac tools

Development The GitHub Blog March 21, 2022, 17:41

If there's one habit that can make software more secure, it's probably input validation. Here's how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.... read more

Community Security GitHub Security Lab OWASP Top 10 Proactive Controls

Development The GitHub Blog February 22, 2022, 17:00

Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.... read more

Product Security supply chain security

Development Galois, Inc. Blog January 5, 2022, 23:43

2021. Wow. There it went. And far more interesting than most of us anticipated. While weathering the various world storms, we also managed to keep advancing the cause of building trustworthy computing systems. Galois continued pioneering work in form...... read more

Highlights

Development The GitHub Blog January 5, 2022, 18:18

The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.... read more

Community Security CodeQL GHAS GitHub Security Lab

Development The GitHub Blog December 28, 2021, 17:00

As the year winds down, we're highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.... read more

Company

Development The GitHub Blog December 20, 2021, 17:47

In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.... read more

Community Security GitHub Security Lab OWASP Top 10 Proactive Controls