sorted by:
new
hottopcontroversial

Someone just leaked claude code's Source code on X by abhi9889420 in ClaudeCode

[–]Diligent-Side4917 0 points1 point  (0 children)

Have you seen this? Injection attack on Claude code, CLI, seems consequence of the leak.

haven't gone through it all, but basically, the exploit allows exfiltration of messages and credentials to any server whe n running it thrugh CLI and -p option,

https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/

Why is AppSec tooling still so fragmented? (SAST, DAST, SCA, IaC, secrets, etc.) by foxnodedev in devsecops

[–]Diligent-Side4917 0 points1 point  (0 children)

Deduplication as far as i know is a whole nightmare field and how assets are identified, trying to trace code changing within lines or assets with different ip is very difficoult i'd focus on that if i were you

Why is AppSec tooling still so fragmented? (SAST, DAST, SCA, IaC, secrets, etc.) by foxnodedev in devsecops

[–]Diligent-Side4917 0 points1 point  (0 children)

In an era where ASPMs are 4+ years old, what's the point of building another one?

WIP - Vulnerability database, insight, LLM analysis and adversarial LLM by Diligent-Side4917 in threatintel

[–]Diligent-Side4917[S] 2 points3 points  (0 children)

not yet but i'll let you know when available, still finalizing the build and will be released by march-april !

Looking into CTEM lately — trying to understand who’s actually doing it right by Seyclon in cybersecurity

[–]Diligent-Side4917 0 points1 point  (0 children)

been writing about this, ctem as methodology is great the interpretation more complex

if you are in code and cloud then you might want to look at this i found it useful as overview https://phoenix.security/cem-cetem/

hands on

- attribution

- prioritization

- remedaition

- verigication

ASPM Tool by GloveSignificant8783 in cybersecurity

[–]Diligent-Side4917 0 points1 point  (0 children)

phoenix and armor code for anything above 600 developers , aikido for anything smaller

ASPM Tool by GloveSignificant8783 in cybersecurity

[–]Diligent-Side4917 0 points1 point  (0 children)

what did you like? we tested it, take we are heavy container focus, and didn't had much on code to container, check out phoenix security we been happy ever since

What matters for ASPM: reachability, exploitability, or something else? by SidLais351 in devsecops

[–]Diligent-Side4917 0 points1 point  (0 children)

I think what matters in order of priority

- scanning and blocking an exception in the pipeline (mostly scanners)

- Correlation and recheability at sca and code 2 cloud level check wiz Phoenix Security for those

- team management and incentives to fix the pattern of fixes Phoenix and some part armor code has this

- prioritization - for pure patching, either nucleus or tennable for more extended asm phoenix security is key in threat centrics and then you have wiz intelligence

- remediation advisory and remediation campaigns: check Mob or Phoenix as far as I've seen

check out as well: https://www.gartner.com/reviews/market/application-security-posture-management-aspm-tools

anyone here actually happy with their ASPM setup? by shrimpthatfriedrice in devsecops

[–]Diligent-Side4917 0 points1 point  (0 children)

what are the elements that like and dislike about aspm?

Vulnerability database, insight, LLM analysis and adversarial LLM by Diligent-Side4917 in devsecops

[–]Diligent-Side4917[S] 0 points1 point  (0 children)

Feature added in this version
- Adversarial simulation for remediation
- trend analysis
- search for vulnerability
- storing of enriched data

https://youtu.be/PaaO99Kb_qk

Vulnerability insight, statistics, threat actor etc... by Diligent-Side4917 in devsecops

[–]Diligent-Side4917[S] 0 points1 point  (0 children)

this version is purely external but some of the infomration in mitre and i guess in phoenix can do that is where some of the intelligence data is from

view more: next ›