Reshift IntelliJ plugin meaningfully pushes security left

Reshift has released an IntelliJ plugin that enables developers to find vulnerabilities in their own custom code and helps them remediate those findings with rich issue descriptions inside the IDE. Our mission at Reshift is to empower development teams to shift security left by seamlessly integrating security checks early on at the code development […]

The Current Application Security Problem, Here’s What Our Community Thinks

As developers, security experts, and team leads, we are constantly thinking about, or asking, how we can avoid the next big data breach. Is the problem really larger than us? Or is this something we as development teams have the power to solve? We took this question to our community, and the result brought us […]

Reshift Security Attracts Global Audience for Security Webinar

As Covid-19 increases remote working and organizational concerns about security, Reshift’s “10 Weeks to Zero Vulnerabilities” webinar series is gathering security experts, software developers and technology leaders from some 17 countries for a weekly tutorial on eliminating software vulnerabilities. OTTAWA, May 15, 2020 – Reshift Security Inc., a Software as a Service (SaaS) start-up that […]

Path Traversal Primer for Java Developers

Path Traversal attacks occur when the user can specify content to be written on the server. An attacker, relying on the application to pass unsanitized data into a file API, could overwrite files containing sensitive information on the host system running the application. The file access operation will most likely inherit the same permissions as […]

Parameter Tampering Primer for Java Developers

Parameter tampering can occur when web applications transmit important data to the client, expecting the value to be returned on the next request. This is called round-tripping. It is typically done as a convenience to the developer, because maintaining these values in a server-side session construct is considered too difficult. The risk round-tripping […]

OGNL Injection Primer for Java Developers

OGNL Injection occurs when the Expression Language (EL) interpreter attempts to interpret user-supplied data without validation, enabling attackers to inject their own EL code. Object Graph Navigation Language (OGNL) was developed to give developers an easy way to extract data from an object model, much like a scripting language. It is similar to a server-side […]

LDAP Injection Primer for Java Developers

LDAP Injection attacks are popular because LDAP is so commonly used to authenticate users. The origins of the Lightweight Directory Access Protocol (LDAP) lie in the set of OSI standards called X.500. The X.500 standards are large and heavy, and they communicate over the Open Systems Interconnection (OSI) protocol stack. X.500 described the Directory Access Protocol (DAP) […]

Insecure Object Primer for Java Developers

Java Server Pages (JSP) allows dynamic values to be included within its file definition and rendered by the server at runtime. JSP pages can also include other files via the jsp:include or c:import tag. If the tag is rendered on the server with an unvalidated […]

Expression Language (EL) Injection Primer for Java Developers

Expression Language Injection (EL Injection) happens when an attacker can control, in part or in whole, the data passed into the expression language. For example, Spring provides an EL called Spring Expression Language (SpEL), which supports queries and can manipulate object graphs at runtime. The JavaServer Pages (JSP) […]