Asankhaya Sharma

Dr. Asankhaya Sharma is the Director of Software Engineering at Veracode. Asankhaya is a cyber security expert and technology leader with over a decade of experience in creating security products for industry, academia and the open-source community. He is passionate about building high-performing teams and taking innovative products to market. He is also an Adjunct Professor at the Singapore Institute of Technology.

Posts by Asankhaya Sharma
  • Crypto Mining Web App POC
    | By Asankhaya Sharma

    A few months back in a previous post we gave a POC for malware embedded in an enterprise Spring MVC app. Then we got to thinking, what if we pwn3d a web app with malicious code and turned the result into a self-paying crypto-currency miner? You could give the owner of the site the option to either…

  • Machine Learning at SourceClear
    | By Asankhaya Sharma

    As you may know, SourceClear has the world’s most complete, accurate, and up-to-date database of verified vulnerabilities in open-source code. But what’s more important is that more than half of the vulnerabilities in our database are not available anywhere else and have no public disclosures. How…

  • Analyzing Apache Struts Vulnerabilities…
    | By Asankhaya Sharma

    Recently, a large data breach was disclosed by Equifax that allowed hackers to steal the personal information of over 143 million Americans. The underlying issue that was responsible for the breach turned out to be an unpatched open-source Apache Struts component. In this blog post we will discuss…

  • Towards a better risk score for open…
    | By Asankhaya Sharma

    You already know that SourceClear provides robust vulnerability detection to protect your code and your customers. However, when you’re overseeing multiple projects, it can be a challenge to know where to prioritize your resources. Even if you have just one project, you may want to know how that…

  • When Will WannaCry Style Ransomware Hit…
    | By Asankhaya Sharma

    Unless you have been living under a rock, you have heard all about the WannaCry ransomware. At SourceClear, we believe this week's attacks were a preview of what could happen when (not if) ransomware moves from small-value targets (consumer desktops) to large-value targets (enterprise web…

  • Cutting down on false positives with…
    | By Asankhaya Sharma

    Today we released vulnerable methods support for the Ruby language, adding to the existing support for Java and Python. Vulnerable methods analysis uses call-graph analysis to trace the actual use of the vulnerability in your projects. To understand the impact that vulnerable method support can…
