Search results for: Authentication

We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.

As part of our ongoing commitment to npm ecosystem security, and in advance of enforcing two-factor authentication for top packages maintainers, the npm team has been hard at work improving…

As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.

In this third and last part, I’ll share the results of my research on Apache HTTP server, and I’ll show some of the vulnerabilities that I’ve found.

In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.

Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.

Lists level up the starring experience by making it easy to organize and curate your favorite repositories on GitHub. You can create public lists that appear on your stars page…

This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.

The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.

We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.

This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.

GitHub recently introduced the ability to set an expiration date when creating or regenerating a personal access token (PAT). For a PAT that is authorized to access an organization protected…

GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment. This enables: Seamless authentication between Cloud Providers…

Since last year’s GitHub Universe, we’ve shipped more than 20,000 improvements to GitHub for developers, open source communities, and enterprise teams. Here’s a comprehensive overview of what we’re announcing at Universe this week.

Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.

Heading back to school? Did you just graduate? The GitHub Education Stream Team (GEST) is sharing resources, tools, and more to help emerging developers land a job.

On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client – GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.

GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.

Recover Accounts Elsewhere allows a user to store a recovery token with a third-party recovery partner to use as a recovery method when their account is protected by two-factor authentication.…

In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.