Code Intelligence

How do Cybersecurity Assurance Levels work in ISO 21434? 🚗

Like other automotive standards, ISO 21434 recommends using CALs to determine the rigor of testing activities. Our latest blog post sheds some light on how CALs can be used to build robust software in compliance with ISO 21434.

Topics include:
➡ How CALs work
➡ The difference between CALs and risk values
➡ The role of fuzz testing within CALs

Dive in: https://www.code-intelligence.com/blog/iso21434-cybersecurity-assurance-levels

The Role of Cybersecurity Assurance Levels (CALs) in ISO 21434

Explore the role of cybersecurity assurance levels in ISO 21434 and learn advanced fuzz testing a mandatory requirement.

The waiting list for early access to CI Spark is now open✨

Be among the first to break down the barriers in dynamic white-box testing with our LLM-powered AI assistant.

Enroll for early access: https://www.code-intelligence.com/live-demo/ci-spark

#AppSec #AI #SoftwareTesting #llm

Early Access - CI Spark

Be among the first to access CI Spark, our new LLM-assistant for automated onboarding of projects for dynamic white-box testing!

Happening now!🚨

Don't miss out on our live demo, where Code Intelligence co-founder Khaled Yakdan will show you how to break the barrier of dynamic testing through detecting and autoconfiguring entry points with CI Spark.

Sign Up Here: https://www.code-intelligence.com/live-demo/ci-spark

Join us for a live demo of CI Spark next week: https://www.code-intelligence.com/live-demo/ci-spark

Meet CI Spark✨
Our new #LLM-powered AI assistant for detecting and autoconfiguring entry points.

Initial results show an acceleration of 1500%, reducing the workload for onboarding new projects from several days to under three hours!

More in our blog: https://www.code-intelligence.com/blog/ci-spark

CI Spark - LLM-Powered Entry Point Detection and Configuration

CI Spark leverages LLMs to automatically detect and configure entry points for dynamic white-box testing. Find out how it works!

Third-party code has become irreplaceable.
However, it comes with great risk 🔴

Join us live as @metzmanj from @GoogleOSS discusses how our collaboration enabled them to uncover severe security issues in popular open-source libraries.
#Java #javascript

https://www.code-intelligence.com/webinar/mitigating-the-risks-of-3rd-party-code#register

Mitigating the Risks of 3rd Party Code: How Automation is Powering Open-Source Security

Watch our webinar and learn more about how automation is powering open source security

We found a prototype pollution vulnerability in tree-kit: CVE-2023-38894 🚨

More info in our blog: https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894

#treekit #prototypepollution #javascript #npmjs

New Vulnerability in tree-kit: Prototype Pollution - CVE-2023-38894

New Prototype Pollution Vulnerability puts tree-kit at risk of Remote Code Execution (CVE-2023-38894). Mitigation and remediation guide.

How we found a Prototype Pollution in protobuf.js - Live Demo 🚨

Our team has recently found a prototype pollution vulnerability in protobuf.js (CVE-2023-36665).

With a high CVSS Score of 9.8, this vulnerability would have put affected applications at risk of remote code execution and denial of service attacks.

Our colleague Peter Samarin wrote the bug detector behind it all, and will be giving a live demo of how this CVE was found.

Thursday, August 10th at 4:00 PM CEST / 10:00 AM EDT

Sign up and reserve your spot today. ⏰

https://www.code-intelligence.com/webinar/how-we-found-a-prototype-pollution-in-protobufjs#register

#javascript #cve #cybersecurity

How we found a Prototype Pollution in protobuf.js

Watch our webinar and learn how we found a new CVE in protobuf.js

We found a prototype pollution vulnerability in protobufjs: CVE-2023-36665 🚨
Snyk CVSS Score: 8.6 (high)

Affected applications are at risk of remote code execution and denial of service attacks. The vulnerability was found by our open-source JavaScript fuzzer Jazzer.js, running in Google's OSS-Fuzz.

Mitigation:
Versions from 6.10.0 to 7.2.4 are affected and hence vulnerable to prototype pollution. The maintainer issued an update that fixed this vulnerability on April 18, 2023. We strongly recommend that impacted users upgrade to newer versions that include the fixes, i.e., version 7.2.4 and above.

Hats off to our colleague Peter for writing the bug detector and disclosing the vulnerability to the project maintainer 🙌

More info in our blog: https://www.code-intelligence.com/blog/cve-protobufjs-prototype-pollution-cve-2023-36665

#javascript #jazzerjs #cve #opensource #protobufjs

New Vulnerability in protobufjs: Prototype Pollution - CVE-2023-36665

New Prototype Pollution Vulnerability exposes protobufjs to Remote Code Execution (CVE-2023-36665). Mitigation and Remediation.

AI is fundamentally transforming the SDLC 🔄

We published a new whitepaper taking an in-depth look at how self-learning AI will reshape the SDLC and the way we write, test and deploy code.

Get your copy at http://code-intelligence.com/ai

#softwaredevelopment #Softwareengineering #ai

Self-Learning AI in the Software Development Lifecycle [Whitepaper]

Find out how self-learning AI is reshaping the SDLC, allowing modern dev teams to ship software faster and more securely (free download).