DEV Community

# appsec

Posts

Why Current Methods Fail to Measure Real Vulnerability Risks?

Comments
2 min read
How Reachability Analysis 🔎 can help with open source vulnerabilities mess (Coana as an example)

Comments
10 min read
Lessons Learned #4: One error message could expose all your data (FileSender CVE-2024-45186)

Comments
5 min read
Lessons Learned #3: Is your random UUID really random? (Account takeover with the sandwich 🥪 attack)

Comments
7 min read
Leveraging Large Language Models for Cross-Component Vulnerability Detection

Comments
3 min read
SQL Injection: the vulnerability that refuses to die

Comments
4 min read
Access Control Security: Learning from Major Data Breaches

Comments
5 min read
My VAPT Learning Journey

Comments
3 min read
Lessons Learned #2: Your new feature could introduce a security vulnerability to your old feature (Clickhouse CVE-2024-22412)

Comments
4 min read
Why Security Misconfigurations Matter and 5 Ways to Prevent Them

Comments
1 min read
API Security Tools: Threat Protection vs. Testing & 8 Tools to Know

5
Comments
1 min read
API Security: Threats, Tools, and Best Practices

5
Comments
1 min read
Prevention: It's Time to Save Those Millions

1
Comments
2 min read
Introducing Omni4J: Secure your Java code

Comments
2 min read
DEF CON 32: What We Learned About Secrets Security at AppSec Village

8
Comments 1
9 min read
Lessons Learned #1: One line of code can make your application vulnerable (Pre-Auth RCE in Metabase CVE-2023-38646)

Comments
4 min read
Understanding SAMM

Comments
6 min read
Web Security and Bug Bounty Hunting: Knowledge, Tools, and Certifications

3
Comments
3 min read
Understanding the Distinction Between Information Security and Cybersecurity

Comments
2 min read
Secure SDLC (Part 1): issues, approach, tech metrics, team’s KPI

1
Comments
6 min read
Next.js: consequence of AppRouter on your CSP

Comments
3 min read
Creating a DevSecOps pipeline with Jenkins — Part 1

1
Comments
12 min read
Mastering Application Security: The Power of Rate Limiting

7
Comments
6 min read
Next.js: Crafting a Strict CSP

1
Comments 1
4 min read
What comes after Pentesting?

14
Comments
13 min read