Critical Roundcube XSS technical details: Desanitization, unsafe Content-Types, CSS exfiltration, and a Service Worker come together to persistently leak emails from a victim's browser.
Read about it here:
https://t.co/fOa2l0ujwV
(CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)
Announcing the addition of Cloud Application Security Assessment (CASA) reports in SonarCloud. Aligned with OWASP ASVS, CASA helps secure apps with sensitive data, boosting your security posture. Coming soon to SonarQube as well 🙂 #AppSec #Security #OWASP
Join @pmckee on August 28 for a Sonar Virtual Event to discover how implementing static code analysis in our CI/CD pipeline is crucial to optimizing code quality!
Register here 👇
https://t.co/uqoKxRaV5M
😳 We actually hit 10,000 followers!! 🎉
Thank you all for being a part of our vulnerability research journey and mission to turn code into #CleanCode.
Over the years, we've uncovered some wild bugs. Let's take a look back at our personal highlights... 🧵👇
Sonar Team members between Geneva, Austin, Bochum, London, and Singapore joined in their respective home offices for Petit Raout 2024! Between go-kart racing, mini golf, and wood-cutting classes, the teams brainstormed initiatives to grow the company and build upon its culture.
SonarQube 10.6 is LIVE! 🚀
✅ SonarQube runs in a FIPS-enforced environment
✅ C and C++ autoconfiguration
✅ Set rule priority to uphold your coding standards
✅ Added Scikit-learn library support for Python AI/ML practitioners.
🧵👇
The simple <script> XSS didn’t work? Don’t give up before trying some mXSS magic🪄.
Get to know the fundamentals of this bug class on your way to becoming a master of sanitizer bypasses:
https://t.co/ZBzN4g0o3s
#appsec #security #vulnerability #mXSS
📣 We have a new President of Field Operations – @lynne_doherty
Lynne is a sales leader with 20+ years of experience and a developer at heart; we are thrilled to have her join the Sonar team and help us bring Clean Code to developers around the world 🤗
Heading to Lausanne for #Insomnihack? Meet our team there; we're presenting two talks:
🔓 Finding vulnerabilities in JumpServer
🧹 Bypassing HTML Sanitizers with mXSS
Excited to see you there!
@CleverTap is a customer engagement platform that powers over 10,000 apps globally, helping customers retain their users. Check out our recent case study on how their development teams improved their code quality with SonarQube!
Read the full story 👉 https://t.co/siUxHojwzJ
As an RPC client, I invoke functions on other servers, what can go wrong?🧐
Learn more about the security risks Apache Dubbo's consumers face:
https://t.co/XbZHeOQ5tz
#appsec #security #apache
🚀 @SonarCloud & @SonarQube 10.4 expand the scanning capabilities to include Helm Chart files, alongside the existing #Kubernetes support. No extra steps needed to scan your Helm Charts, Kubernetes templates, & values.yaml. #DevOps #K8s #HelmChart
🔍Uncovering critical vulnerabilities in Jenkins, which could lead to RCE (CVE-2024-23898, CVE-2024-23897):
Check out our latest blog post for the technical details on how attackers could potentially gain unauthenticated RCE on #Jenkins
https://t.co/U7FS1oO5UB
#vulnerability
Nominations for Pwnie Awards. Talks at Black Hat, DEF CON, HEXACON. Success at Pwn2Own. Vulnerabilities in TeamCity, Proton Mail, Moodle, and much more. 2023 was definitely an exciting year for us!
https://t.co/vJFqaKcgvF
#appsec #security #vulnerability