Jeremy Long
builder, infosec, SCA and SAST enthusiast, blue team.
1,035 Tweets | 168 Following | 577 Followers
Jeremy Long retweeted
April King 🌀 Nov 9
I've just released version 3.0 of 's Laboratory security extension, which makes it incredibly easy to generate Content Security Policies! 3.0 has a brand new UX, faster performance, support for WebSockets, Service Workers, form-action, and more!
Jeremy Long retweeted
Chris Frohoff Nov 9
Pre-auth root RCE vuln in Cisco Unity Express. "A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user."
Jeremy Long retweeted
Chris Wysopal Nov 7
Hackers have breached StatCounter, one of the internet's largest web analytics platforms, and have inserted malicious code inside the company's main site-tracking script.
Jeremy Long retweeted
Dependabot Nov 2
Monster week for Dependabot pull requests: over 11,000 merged already! 🍸
Jeremy Long retweeted
Steve Springett Nov 1
It’s confirmed. I’ll be talking about at in January. This one’s gonna be fun.
Jeremy Long retweeted
Dependabot Oct 30
In the 90 minutes since today’s Loofah vulnerability was announced we’ve opened PRs to patch it on 1,078 repos. 195 have already been merged. Stay safe out there🕵️‍♀️
Jeremy Long retweeted
Dependabot Oct 29
If you're using Python and a version of Requests < 2.20.0 you should upgrade to fix CVE-2018-18074. If you're using Dependabot you'll already have a PR in your inbox to do that. 🤖
Jeremy Long retweeted
SecAppDev Oct 30
Jim Manico will be at SecAppDev 2019 to brighten up the winter with his unmatched charismatic style of teaching web security. Come to see in action in a lecture or a 1-day workshop on web application and web service security.
Jeremy Long retweeted
Dependency-Track Oct 29
If you could not attend our “What’s new in Dependency-Track v3.3” session from earlier today, no worries, video from today’s presentation has been posted to YouTube.
Jeremy Long Oct 29
dependency-check 3.3.4 has been released! Find out what vulnerabilities exist in your applications' dependencies.
Jeremy Long retweeted
Milton Smith ☠ Oct 25
Jeremy Long retweeted
Dependabot Oct 24
Thanks Mike! Seriously honoured to have been able to help with .
Jeremy Long retweeted
Steve Springett Oct 23
Please join me as we talk about what's new in the upcoming release of Dependency-Track v3.3. When: Oct 29, 2018 10:00 AM Central Time (US and Canada) Google Calendar Outlook Calendar
Jeremy Long Oct 24
Replying to @curphey
Great topic - I have been working on some fire talks in this area. For titles maybe "Subverting the SecDevOps Pipeline"
Jeremy Long Oct 22
Replying to @manicode
Billy goat trail is great - wish I could have joined you... alas, home repairs took precedence....
Jeremy Long Oct 19
Congrats!
Jeremy Long retweeted
Dependabot Oct 16
Come find us at if you love robots and dependencies 🤖
Jeremy Long retweeted
Steve Springett Oct 17
With Track you start with component metadata (bom) so you can continuously analyze for vulns and outdated components. Track uses Check as one of its many analyzers. Track uses Check (embedded) when fuzzy NVD matching is required. Check is a SCA utility, Track is a SCA platform.
Jeremy Long retweeted
David Litchfield Oct 15
Oracle are fixing 302 vulnerabilities tomorrow, many with a CVSS score of 10 or 9.8... Order your coffee and pizzas now.
Jeremy Long Oct 12
Replying to @RealGeneKim
in this case - the deserialization flaw was still present. So mischief may still be possible. However, the deserialization gadget (i.e. a specific class) had been removed which neuters the known exploit and prevents all script kitty attacks.