PRESENTS Vitess security audit In collaboration with the Vitess maintainers, Open Source Technology Improvement Fund and The Linux Foundation Authors Adam Korczynski David Korczynski Creative Commons 4.0 (CC BY 4.0) Vitess Security Audit, 2023 Table of contents Table of contents 1 Executive summary 2 Notable findings 3 Project Summary 4 Audit Scope 4 Threat model formalisation 5 Conclusions 40 1 Vitess Security Audit, 2023 Executive summary In March and April 2023, Ada Logics carried out a security audit of Vitess. The primary focus of the audit was a new component of Vitess

” From https://dapr.io/#about This report describes the results of a large-scale and thorough security assessment targeting the Microsoft Distributed Application Runtime (Dapr) software complex1 out by Cure53 in summer 2020, the project entailed comprehensive penetration test and source code audit of the Dapr scope. In terms of resources, the project was assigned to four members of the Cure53 work packages (WPs) were outlined. In WP1, Cure53 performed both a broad and thorough source code audit of the latest version of Dapr. The focus was explicitly placed on the Dapr main repository and the

previous code audit (Low) DAP-02-013 WP2: Access policy bypass due to missing URL normalization (High) Miscellaneous Issues DAP-02-002 WP3: Status of miscellaneous issues from previous audit (Low) Conclusions https://dapr.io/#about This report continues a security-driven cooperation between Cure53 and Dapr, reporting on the findings of a penetration test and source code audit against the Dapr software. In addition addition to shedding light on the state of security on some new features of Dapr, the report also highlights what has been done in terms of fixing the issues that Cure53 revealed on the scope back in June 2020

PRESENTS Dapr security audit In collaboration with the Dapr maintainers, Open Source Technology Improvement Fund and The Linux Foundation Authors Adam Korczynski David Korczynski licensed under Creative Commons 4.0 (CC BY 4.0) Dapr security audit 2023 Table of contents Table of contents 1 Executive summary 2 Project Summary 3 Audit Scope 4 Threat model 5 Fuzzing 15 Issues found 45 1 Dapr security audit 2023 Executive summary In May and June 2023, Ada Logics carried out a security audit for the Dapr project. The high-level goal was to complete a holistic audit drawing on several

Istio Security Assessment Google August 6, 2020 – Version 1.1 Prepared for Arun Kumar R Prepared by Mark Manning Jeff Dileo Divya Natesan Andy Olsen Feedback on this project? https://my.nccgroup assessment was to identify security issues related to the Istio code base, highlight high risk configurations commonly used by administrators, and provide perspective on whether security features sufficiently subsequent phases of the assessment. A test plan was created which matched areas of code with specific security controls (e.g. service discovery, certificate lifecycle, side car injection) to focus testing efforts

TiDB Audit Plugin User Guide August 4, 2022 TiDB Audit Plugin User Guide Introduction The TiDB audit plugin records the TiDB server’s activities that are expected to follow auditing regulations of describes how to compile, package, and use the audit plugin. Download the plugin You can download the plugin on TiDB Enterprise Edition Downloads. Deploy the audit plugin After downloading the plugin, you TiUP to deploy the audit plugin. Use TiDB Operator to deploy the plugin Configure TidbCluster CR. tidb: additionalContainers: - command: - sh - -c - touch /var/log/tidb/tidb-audit.log; tail -n0 -F

PRESENTS Dapr Fuzzing Audit In collaboration with the Dapr project maintainers and The Linux Foundation Authors Adam Korczynski David Korczynski Date: 30th This report is licensed under Creative Commons 4.0 (CC BY 4.0) CNCF security and fuzzing audits This report details a fuzzing audit commissioned by the CNCF and the engagement is part of the broader efforts carried out by CNCF in securing the so�ware in the CNCF landscape. Demonstrating and ensuring the security of these so�ware packages is vital for the CNCF ecosystem and the CNCF continues to use state of

получении запроса на соединение процесс сервера удостоверяет пользователя по базе данных безопасности (security database). После успешного удостоверения сервер разрешает приложению (пользователю) произвести безопасности, то даже хорошее шифрование становится немного больше, чем “безопасностью по неясности” (security by obscurity). 4.2.2. Ограничение распространения данных Некоторые просят шифровать данные базы “безопасности по неясности” Предлагаются и различные другие формы “безопасности по неясности” (security by obscurity). Например, специальные события, возникающие в моменты входа/подключения и отключения

A Security Guide for otlin Developers I N D E X Overview..................................................................1 Kotlin’s Security Profile............................................2 Most Common Security Attacks...............................3 Top Kotlin Security Risk...........................................5 OWASP Mobile TOP 10 Mobile Risks..........................10 Protect developers and other key decision makers in software security and software supply chain vulnerabilities with information regarding the top security risks they can expect to face — from inherent weaknesses

Firebird File and Metadata Security Geoff Worboys Version 0.6, 30 June 2020 Table of Contents 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 7. Acceptable Low Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page and don’t know about Firebird, see this link: www.firebirdsql.org This article discusses the security of Firebird database files and in particular access to the metadata stored in those files. It has