Sonar -- Build World-Class Apps with SonarQube Enterprise Edition

Here is an interesting read even though I am not at this stage of testing and deployment of applications, but some Wappler developers are. Tools and services for security testing, bad code, efficiency, vulnerabilities are offered by many sophisticated companies. I know many Coffee Lounge readers are already deeply aware of this industry and use some of their products.

The reason I post this is because one of the email hosts I use is Tutanota/Tutamail. The company I mention below saved my personal email security before I even knew of their existence.

I saw this notice when I opened up my Tutanota/Tutamail email account recently –

on June 22nd 2022 we received a security advisory from Paul Gerste, Sonar, informing us of a cross-site scripting (XSS) vulnerability in the Tutanota client which affected all platforms, and a remote code execution (RCE) vulnerability which affected just the desktop clients. We would like to thank Sonar for responsibly disclosing the cross-site scripting vulnerability in Tutanota 3.98.0. All reported issues were subject to a 90-day disclosure deadline, after which Sonar said they would make parts of the issue public. We are happy that we were able to fix the addressed issues much faster, in fact within two days.

I felt grateful to Sonar for finding & privately reporting this issue affecting ME, I looked at their website and saw that Sonar has developed some smart tools. Because of their expertise and honesty to play by the “rules” of ethical hacking and testing for application vulnerabilities I took interest and wanted to notify anyone else who finds this relevant.

This is just one article from the Sonar blog –

another

https://blog.sonarsource.com/tag/security/

Community Page
Last updated: