If you keep an eye on software security newsletters or blogs like the Wordfence blog, you’ll know that a good number of newly detected defects and vulnerabilities turn up on a regular basis, even in well-known plugins and software. It’s worth looking into the details of how this happens, especially if you work on PHP software from time to time. Thankfully, there are public records that let you compare and look at how these are fixed:
Continue reading “Learning from previous mistakes – pulling historical vulnerability information from various plugins”

The new Log4j and how it may affect you
As you may have noticed, this past week saw major warnings for Java applications or web services using Log4j 2.x versions earlier than 2.15.0. You may wonder: how might this affect you, and how can you tell if you are affected?