Security Research Blog
Get innovative research, observations and updates from the Micro Focus Security Research experts to help you proactively identify threats and manage risk.
Use the OPTIONS button below to subscribe

Security Research Blog - Page 2

Micro Focus Expert
Micro Focus Expert

The Fortify on Demand team is excited to announce the release of version 19.2. This exciting update contains functionality, automation, and user experience improvements


Read Blog Article

Read more
0 0 2,284
Micro Focus Expert
Micro Focus Expert

Fortify Software Security Research (SSR) is pleased to announce the immediate availability of updates to Fortify Secure Coding Rulepacks (English language, version 2019.1.0), Fortify WebInspect SecureBase (available via SmartUpdate), Fortify Application Defender, and Fortify Premium Content.


Read Blog Article

Read more
0 1 2,486
Micro Focus Contributor
Micro Focus Contributor

In our talk at Black Hat 2017 “Friday the 13th JSON Attacks”*, we mentioned a couple of known, and a few new, .NET gadgets for deserialization attacks. We recently reviewed this list and despite being one and a half years ago, it seems that only one (“PsObject”) was fixed by Microsoft and all the others are still available. In general, these gadgets are quite flexible and in most cases allow the attacker to reach remote code execution, however, we faced one problem with existing gadgets for “classic” .NET deserialization cases like BinaryFormatter. All of these gadgets required crafting large payloads, which would be a problem when the target has a payload length limitation. We have found a new gadget that solves this problem.


Read Blog Article

Read more
0 0 1,753
Micro Focus Expert
Micro Focus Expert

 

Micro Focus_Logo.png

 

 

 

Fortify Software Security Research (SSR) is pleased to announce the immediate availability of updates to Fortify Secure Coding Rulepacks (English language, version 2018.4.0), Fortify WebInspect SecureBase (available via SmartUpdate), and Fortify Premium Content.


Read Blog Article

Read more
1 0 1,257
Micro Focus Expert
Micro Focus Expert

Fortify Software Security Research (SSR) is pleased to announce the immediate availability of updates to Fortify Secure Coding Rulepacks (English language, version 2018.3.0), Fortify WebInspect SecureBase (available via SmartUpdate), Fortify Application Defender, and Fortify Premium Content.


Read Blog Article

Read more
0 0 1,547
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

With the help of the Fortify Mobile Research team, we performed binary vulnerability analysis across publicly available mobile apps from 30 major airlines around the world and found that every app had at least one vulnerability.Airlines.jpg


Read Blog Article

Read more
1 0 7,707
Reasearch Blog Welcome to the Security Research Blog!
Get innovative research, observations and updates from the Micro Focus Security Research experts to help you proactively identify threats and manage risk
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.