Home Blog Page 2

NowSecure Drives OWASP Cellular Requirements to Strengthen AppSec

codesanitize
-
0
NowSecure Drives OWASP Cellular Requirements to Strengthen AppSec


NowSecure just lately celebrated three years of contributing to the OWASP Cellular App Safety Undertaking which produces globally acknowledged requirements for safe cell app improvement and cell app safety testing. The corporate’s trade management as an OWASP MAS Advocate has superior cell safety and offered cell software threat administration options that align with OWASP requirements to scale back threat, strengthen privateness and guarantee compliance.

Led by Carlos Holguera, the OWASP MAS Undertaking co-chair and a NowSecure principal analysis engineer, the NowSecure contributions to OWASP cell safety initiatives will be partially quantified by GitHub metrics:

  • 320+ pull requests
  • 230+ opinions
  • 42,000+ additions
  • 29,500+ deletions

These numbers mirror greater than exercise — they show management. NowSecure has considerably superior OWASP MAS sources by contributing useful content material, reviewing group submissions and sustaining the general readability and high quality of the mission.


NowSecure has considerably superior OWASP MAS sources by contributing useful content material, reviewing group submissions and sustaining the general readability and high quality of the mission.

Why OWASP Cellular Software Safety Issues to Safety Leaders

The OWASP Cellular App Safety mission gives an authoritative, community-driven framework for securing cell purposes. It contains three core parts which have develop into important sources for cell safety leaders, practitioners and builders:

  • MASVS: The Cellular Software Safety Verification Normal (MASVS) defines the safety controls required to safe a cell app throughout completely different menace fashions.
  • MASTG: The Cellular Software Safety Testing Information (MASTG) gives detailed check instances and methodologies to evaluate app compliance in opposition to MASVS.
  • MASWE: The Cellular App Safety Weak point Enumeration (MASWE) gives a structured taxonomy of identified cell safety weaknesses for higher vulnerability monitoring and remediation.
NowSecure Drives OWASP Cellular Requirements to Strengthen AppSec

Collectively, these frameworks assist safety leaders:

  • Set up constant, measurable cell software safety requirements throughout inner and third-party improvement groups
  • Align cell software safety testing with regulatory compliance necessities equivalent to GDPR, HIPAA, PCI DSS, and CCPA
  • Scale back threat publicity from cell threats by way of structured verification, safety assessments and remediation planning
  • Allow DevSecOps and AppSec groups to shift left and implement safe coding practices earlier within the improvement lifecycle.

“The MAS Requirements assist reply the crucial query, ‘Have we carried out sufficient based mostly on the enterprise threat of the cell app?” says NowSecure CEO Alan Snyder. “The requirements keep present by way of group enter, allow vendor efficiency comparisons and supply proof of cheap care to auditors and regulators.  Any critical cell app threat administration program ought to incorporate them.”

How NowSecure Helps & Contributes to OWASP MAS

As a longstanding OWASP MAS contributor and advocate, NowSecure performs a pivotal function in shaping the way forward for cell safety requirements. As talked about above, our crew has contributed greater than 320 GitHub pull requests, 230 opinions and tens of 1000’s of traces of additives and enhancements to the MASVS, MASTG and MASWE sources.

Our contributions have influenced practically each main evolution of the mission previously three years:

MASVS v2.0 & v2.1 Modernize Cellular AppSec Requirements

In 2023, OWASP launched MASVS v2.0 — a serious replace that launched a simplified, modular construction with clearly outlined MAS Testing Profiles to assist real-world cell threat fashions. NowSecure contributed technical insights, real-world testing situations and strategic steering that helped refine the usual and enhance its usability for cell builders and safety groups.

In early 2024, MASVS-PRIVACY v2.1 was addressed to handle privateness and information safety dangers — a contribution closely influenced by NowSecure’s work within the monetary, healthcare and high-tech sectors.

MASTG Refactor Enhances Sensible Testing and Usability

The Cellular Software Safety Testing Information underwent a serious refactor led partly by NowSecure. The updates included:

  • Atomic Testing: Smaller, self-contained exams with clear traceability.
  • Modular Framework: Separation of exams, methods, instruments, and app examples.
  • Improved Searchability and Upkeep: Enabling quicker onboarding and simpler adoption for safety analysts.

These updates ease the method of conducting audits, automating assessments and tracing findings again to MASVS controls — accelerating time-to-insight and time-to-remediation.

MASWE Maps the Cellular Menace Panorama

NowSecure contributed considerably to the MASWE, a brand new enumeration designed to bridge the hole between safety necessities and concrete cell weaknesses. MASWE improves the traceability between MASVS and MASTG, making it simpler for groups to trace vulnerabilities throughout the SDLC and triage dangers with precision.

Check Apps and Allow Builders

To empower cell improvement and safety groups with hands-on expertise, NowSecure supported the creation of standardized MAS Check Apps for iOS and Android. These embrace:

  • Skeleton purposes for speedy testing
  • Embedded code samples to simulate vulnerabilities
  • CI/CD integration by way of GitHub Actions

This funding helps cell groups study, check, and scale safe improvement practices in real-world environments.

Operationalize OWASP MAS with NowSecure Platform

As an enterprise chief, contributing to OWASP MAS is simply a part of the story. NowSecure built-in OWASP MAS requirements immediately into NowSecure Platform, an automatic cell app safety testing answer. This permits organizations to: 

  • Conduct steady testing aligned to MASVS Testing Profiles
  • Automate assessments for inner, third-party and public apps
  • Map findings to MASVS, MASTG and MASWE for audit-ready stories
  • Help privateness testing with MASVS-PRIVACY integration
  • Shift left with CI/CD and API-first integrations.

This strategy empowers CISOs and AppSec leaders to scale cell app safety efforts throughout the cell ecosystem and quickly launch safe apps with out slowing improvement.

Drive Strategic Cellular Safety Outcomes

By contributing to and aligning with OWASP MAS, NowSecure helps CISOs,  safety leaders and DevSecOps leaders obtain these enterprise targets: 

  • Scale back Danger: Stop information breaches and privateness violations
  • Guarantee Compliance: Meet requirements like OWASP MASVS, GDPR, HIPAA, and SOC 2
  • Allow DevSecOps: Embed safety into the SDLC and CI/CD pipeline
  • Enhance Safety Maturity: Set up a repeatable, scalable cell AppSec program
  • Reveal Management: Align your program with world safety finest practices

Accomplice with NowSecure to Lead in Cellular Software Safety

The OWASP MAS mission continues to set the worldwide customary for cell AppSec — and NowSecure is proud to paved the way. Our specialists, instruments and contributions assist enterprise safety leaders construct and preserve resilient risk-based cell safety applications backed by confirmed requirements.

Discover how NowSecure will help your crew align with OWASP MASVS requirements, automate cell app safety testing and higher handle cell app threat by requesting a NowSecure Platform demo or cell PTaaS at present.



ios – Sustaining a secure scroll place when inserting gadgets above in a ScrollView

codesanitize
-
0
ios – Sustaining a secure scroll place when inserting gadgets above in a ScrollView


Because the title says, I’m not certain tips on how to correctly construct an inverted ScrollView the place I can safely insert gadgets above my information (“prepend”) with out all the pieces leaping round.

My present code is actually this:

@State non-public var scrollPosition = ScrollPosition(idType: Message.ID.self)

non-public func onMessageDidScrollIntoView(_ id: Message.ID) {
  let indexOfVisibleMessage = /* ... */
  if indexOfVisibleMessage < 10 {
    fetchOlderMessages()
    // ^ this updates my ViewModel `messages`
  }
}

var physique: some View {
  ScrollView {
    LazyVStack {
      ForEach(messages) { message in
        MessageCell(message)
      }
    }.scrollTargetLayout()
  }
  .defaultScrollAnchor(.backside)
  .scrollPosition($scrollPosition)
  .onChange(of: scrollPosition) { oldValue, newValue in
    guard let visibleMessageId = scrollPosition.viewID(sort: Message.ID.self) else { return }
    onMessageDidScrollIntoView(visibleMessageId)
  }
}

..so if the consumer scrolls as much as the oldest 10 messages, I begin loading extra and insert them on the high.

The issue with that is that the ScrollView now jumps when new messages are inserted. It’s because the ScrollView maintains it is Y place, however the content material dimension adjustments since we’re including new gadgets “above”.

I attempted to mess around with just a few strategies I discovered on StackOverflow, particularly;

  • Inverting the ScrollView (.scaleEffect(y: -1) on the ScrollView after which once more on the MessageCell to counter it): This by some means jumped the x place of the ScrollView and utterly breaks .contextMenu.
  • Taking part in round with .onScrollGeometryChange to replace scrollPosition.scrollTo(y:) when it is contentSize adjustments: This simply did not work and stopped the consumer scroll gesture/interplay.
  • Setting scrollPosition to the Message.ID I need to preserve secure earlier than doing an replace: This did not do something.

However nothing really labored for the explanations described above.

How do you really construct these UIs in SwiftUI? I believe an inverted ScrollView is sort of a standard UI, and clearly information must be loaded lazily.

subnet – Is it right to place 255.255.255.0 for ‘netmask’ in /and so on/community/interfaces for a bridge with static IP with this LAN setup?

codesanitize
-
0
subnet – Is it right to place 255.255.255.0 for ‘netmask’ in /and so on/community/interfaces for a bridge with static IP with this LAN setup?


I’m making an attempt to study extra about laptop networks by establishing issues in my homelab, which features a pfSense router and a spare laptop computer which has Debian put in on it. I’ve arrange a KVM visitor on the Debian machine. My purpose is to configure issues in order that I can attain the KVM visitor from my LAN, simply as I can attain some other system on the LAN. To attain this, I’m following this information to arrange a bridge on the Debian machine: https://jamielinux.com/docs/libvirt-networking-handbook/bridged-network.html

I’m on the level the place I must put the next config into /and so on/community/interfaces:

# If not sure what 'netmask' or 'gateway' must be, ask your internet hosting supplier.

iface eth0 inet guide

auto br0
iface br0 inet static
    # Use the MAC handle recognized above.
    hwaddress ether f1:c2:7e:46:c8:9a
    handle 192.168.3.246
    netmask ?????????????????????????????????????????????
    gateway 192.168.3.1

    bridge_ports eth0
    # If you wish to activate Spanning Tree Protocol, ask your internet hosting
    # supplier first as it might battle with their community.
    bridge_stp off
    # If STP is off, set to 0. If STP is on, set to 2 (or higher).
    bridge_fd 0

# Irrelevant, since I haven't got IPv6 configured
#iface br0 inet6 static
#    handle 2001:db8::1
#    netmask 64
#    gateway fe80::1
#    autoconf 0

My LAN seems like this:

Primary address pool

DHCP static mapping

My concept was to provide the Debian server the static IP 192.168.3.246, as a result of I perceive it needs to be outdoors the handle pool vary, however contained in the LAN (so the values I might select from are 246-254)?.

My query is: what do I put because the netmask? Ought to or not it’s 255.255.255.0 (or alternatively, 24), as a result of that’s the subnet masks of the LAN?

I’ve been making an attempt to know this by studying the manpages for interfaces, however I do not perceive how netmask is used when I’ve a static IP.

Remark: Decoupling AI’s development from its GHG emissions would require tech trade collaboration

codesanitize
-
0
Remark: Decoupling AI’s development from its GHG emissions would require tech trade collaboration



Remark: Decoupling AI’s development from its GHG emissions would require tech trade collaboration

By Alastair Collier, Chief R&D Officer with local weather expertise agency A More healthy Earth

Surging greenhouse gasoline emissions brought on by the unreal intelligence (AI) revolution might derail Europe’s local weather ambitions, based on a new report. By 2030, the continent’s rising variety of datacentres might pressure its energy provide and improve its greenhouse gasoline emissions eightfold.

This creates an actual rigidity for hyperscalers, who’re driving the digital and AI growth, to match their development and innovation with local weather ambitions. To maintain decarbonisation on observe, the trade should come collectively to take motion on this shared and pressing problem – decoupling AI development from its emissions.

A holistic method
To speed up options on the velocity and scale required, the trade must be working in partnership. This implies hyperscalers collaborating each with their information centre suppliers, and one another.

To drive progress and make the largest influence, such an method needs to be holistic, contemplating three principal priorities for mitigation and adaption: lowering emissions created by digital infrastructure, eradicating laborious to abate emissions from the ambiance, and adapting bodily infrastructure to make sure it may well stand up to the impacts of local weather change.

  1. Scale back

The tech trade, and humanity extra broadly, should reply to rising emissions by drastically slashing the quantity of carbon dioxide our actions launch into the ambiance.

High precedence for should due to this fact be to cut back the general carbon emissions produced by information centres and digital infrastructure, for instance by growing information centre effectivity, and selecting and investing in cleaner, renewable power sources. As hyperscalers embark on this journey, sharing learnings and improvements will assist them not solely tackle their very own provide chains, however stage up the broader trade, which frequently depends on shared infrastructure.

  1. Take away

Current analysis from the College of Oxford discovered that round 7 to 9 billion tonnes of CO2 per 12 months will should be faraway from the ambiance by mid-century, if we’ve to have any likelihood of reaching our local weather objectives.

For emissions heavy industries like tech, that is notably important. Even with important reductions in emissions, the one technique to obtain net-zero is coupling discount with the elimination of carbon dioxide from the ambiance. Hyperscalers are already recognising this want and are driving the carbon dioxide elimination (CDR) market. In actual fact, Microsoft was answerable for a staggering 91% of CDR transactions within the second quarter of 2024.

The provision and implementation of largescale carbon elimination methods is consequently pressing, however traditionally the market has been underregulated and lacked credibility. Within the face of rising AI emissions, hyperscalers should channel their CDR funding into high-integrity, confirmed options that are able to scale now. Promisingly, within the face of this new problem, Microsoft has already shifted focus to make sure it’s investing in “long-term, higher-impact” carbon elimination tasks.

That’s the reason at A More healthy Earth we are actually constructing the UK’s largest biochar manufacturing facility, in Wiltshire, which is able to flip waste biomass into biochar – a charcoal like substance which captures and sequesters carbon. Crucially, it should create high-quality, carbon credit that relate to tangible, real-world carbon elimination at the moment.

  1. Adapt

Local weather change is already right here. With floods, excessive climate occasions and droughts growing in frequency and depth, now we have no alternative however to begin adapting. Digital infrastructure faces a specific problem, most continuously being inbuilt city environments, the place there’s much less nature to behave as pure defences to stave off the worst results of local weather change.

For instance, we’re at present researching how biochar can be utilized in asphalt, for constructing new information centres. Early outcomes recommend that not solely can it scale back the general carbon footprint of buildings, it may well additionally assist higher water drainage. As a porous substance, biochar in asphalt has the potential to facilitate higher water motion and scale back waterlogging, making buildings extra resilient within the face of flooding.

The way in which ahead
As AI turns into ubiquitous in all our lives, the expansion in new information centres is driving up each power necessities and greenhouse gasoline emissions. To make sure this doesn’t compromise essential local weather targets – just like the European Union’s ambition to cut back emissions by 55% by 2030 in contrast with 1990 ranges – tech corporations should now work as a collective utilizing this three-pronged method. AI has monumental potential to enhance our trendy lives – however the trade should step as much as the problem and guarantee its development is accountable.

Canada’s 10 largest non-U.S. commerce companions centered on constructing clear economies, and Canada can ship: report

codesanitize
-
0
Canada’s 10 largest non-U.S. commerce companions centered on constructing clear economies, and Canada can ship: report


VANCOUVER — The continued tariff drama created by President Donald Trump has turned financial diversification right into a nationwide crucial for America’s northern neighbour.

Luckily, Canada has commerce agreements with 60% of the worldwide economic system, making it effectively positioned to reduce its reliance on U.S. markets. However as Canadian governments and firms look to make strategic and long-term funding choices with these buying and selling companions in thoughts, Canada should precisely assess the place their economies are headed.

Accordingly, a new Clear Power Canada evaluation finds that amongst Canada’s 10 largest non-U.S. commerce companions, all of them have net-zero commitments and carbon pricing methods, and roughly half apply carbon border changes on imports and have home EV necessities reshaping their automotive markets.

Taken collectively, these measures ship a transparent, unmistakable sign. Carbon border changes, for instance, levy a cost based mostly on the carbon depth of a great’s manufacturing and due to this fact incentivize low-carbon merchandise from importing nations like Canada.

In the meantime, the existence of a carbon worth and a requirement for extra EVs signifies that a market is weaning itself off fossil fuels, and thus demand for oil and fuel will see a decline, whereas curiosity in clear vitality imports and low-carbon merchandise will improve.

Various suppose tanks and enterprise teams have analyzed and recognized alternatives in Canada’s clear economic system, together with however not restricted to scrub electrical energy technology and transmission, important minerals, EVs and batteries, low-carbon heavy business, and value-added agricultural and forest merchandise, all of that are explored within the report.

To understand Canada’s potential, federal and provincial governments ought to take quite a lot of necessary steps, together with:

  • accelerating regulatory and allowing processes for clear development initiatives,
  • recognizing inexperienced collar employee credentials throughout provinces,
  • accelerating the build-out of important commerce, vitality, and transportation infrastructure,
  • prioritizing interprovincial electrical energy grid interties in strategic areas,
  • supporting demand for clear items that profit Canadian suppliers,
  • and selling Canadian companies overseas and Canada as a vacation spot for funding below the banner of a “Clear Canada” model.

As The World Subsequent Door concludes, seizing the clear financial alternative will not be about beginning over, however about leveraging pre-existing industries and benefits in a means that units Canada up for a sustainable future.

RESOURCES

Report | The World Subsequent Door



123...4,036Page 2 of 4,036
© Newspaper WordPress Theme by TagDiv