Kristof Riebbels · kriebbels.hashnode.net · Mar 26, 2023 · Featured
The hidden dangers of JSONs: Hunger silenced
Previously on... In my previous blog post, I wrote about deserialization attacks and how to prevent them. I ended the post with a section called Hunger. There I stated I still doubted the link between JSON inside a string property and when the valida...
38 likes · 589 reads · Tags: Security, json

Anshumansingh · anshuman.hashnode.net · Feb 1, 2023
Application Security Basics - SAST, DAST and more!
Ever wondered what it means when you read the headlines or hear - "Hackers attacked XYZ systems! Possibility of a data breach!" Of course, this doesn't mean attacking using arrows or weapons, but how do they do this? Hackers, or more specifically Black...
18 likes · 64 reads · Tags: Application Security

Anshumansingh · anshuman.hashnode.net · Jan 22, 2023
Writing Vulnerability Detection Rules!
In summer 2021, the Vulnerability Research and Static Analysis teams launched the Google Summer of Code (GSoC) project: Write vulnerability detection rules for SAST. For this project, we built and implemented a framework to help transition GitLab aw...
6 likes · 40 reads · Tags: SAST

Abhay Singh · abhaysingh.hashnode.net · Feb 27, 2024
OWASP ZAP vs. AppCheck vs. Wiz: Which Security Tool is Right for You?
When it comes to protecting your web applications and cloud infrastructure, choosing the right security tool is essential. Here’s a breakdown of three popular options – OWASP ZAP, AppCheck, and Wiz – to help you make an informed decision. OWASP ZAP (...
Tags: cspm

Razvan Moraru · kubiko.hashnode.net · Apr 16, 2023
The importance of container scanning in cybersecurity
In recent years, container technology has gained immense popularity in the software development world, revolutionizing the way applications are built and deployed. Containers, which are lightweight and easily portable, enable developers to package so...
Tags: containers

Kristof Riebbels · kriebbels.hashnode.net · Apr 16, 2023
Enable developers to generate safe and secure code
Previously on... In my previous blog post, I wrote about JSON RCE attacks. The possibility of such an attack exists and was brought to my attention in a report by CheckMarx. I heard about SAST scans from the product team that I worked with. Our team was...
44 reads · Tags: Security, Application Security

Raushan Raj for Cloud Security Operations Center · raushanraj-1664511904508.hashnode.net · Apr 13, 2023
DevSecOps - OpenSource SAST for your CI/CD pipeline
DevSecOps stands for Development, Security, and Operations. DevSecOps involves introducing security practices and integrating tools earlier in the software development life cycle (SDLC), rather than treating security as a separate, post-development a...
145 reads · Tags: SAST
Antoine LOIZEAU · aloizeau.hashnode.net · Mar 17, 2023
Azure Terraform infrastructure: static analysis with Checkov and GitHub
Static analysis with Checkov. Already presented in my previous article, Checkov is a tool for static analysis of your Infrastructure as Code (IaC). It will help you write your terraform scripts so as to maximize good...
110 reads · Tags: Terraform, SAST
Unicorn Developer · pvs-studio.hashnode.net · Dec 9, 2022
Examples of errors that PVS-Studio found in LLVM 15.0
Compilers are evolving: they issue more and more warnings. Do developers still need to use static code analyzers like PVS-Studio? Yes, because analyzers are evolving too. In this article you'll see how PVS-Studio can find bugs even in a compiler. Pu...
31 reads · Tags: LLVM

Unicorn Developer · pvs-studio.hashnode.net · Dec 9, 2022
The check of the Rhino JavaScript engine or how the unicorn met the rhino
Among the wide variety of programming languages, what our users want the most is for the PVS-Studio analyzer to start supporting JavaScript. The Rhino engine is a project that our team can use to create a PVS-Studio analyzer for JavaScript. In this ...
41 reads · Tags: PVS-Studio