Anshuman, for Anshuman's Blog (singhanshuman.hashnode.net), Feb 1, 2023
Application Security Basics - SAST, DAST and more!
Ever wondered what it means when you read the headlines or hear - "Hackers attacked XYZ systems! Possibility of a data breach!" Of course, this doesn't mean attacking using arrows or weapons but how do they do this? Hackers or more specifically Black...
Tag: Application Security
Alex Aquino, for Alex Aquino's Blog (efficiencygeek.hashnode.net), Sep 26, 2022
Top 3 Application Security Concerns for the Developer
You are a developer working on your app, and while you know security is critical to building trust, you'd rather focus on the cooler features of your application. Why this post on Application Security? As I started my journey into modern application ...
Tag: Application Security
zer0d, for Infos3c Blogs (infos3c.hashnode.net), Dec 7, 2022
Serialization & Deserialization Attacks
Hello everybody, Today I will try to explain how serialization vulnerabilities work. Before we destroy the pyramids, we need to learn how they built them. So the first question is what are serialization and deserialization? Serialization: Serializat...
Tag: pentesting
Ahsan Mangal, for Ahsan Mangal (itsahsanmangal.hashnode.net), Apr 19, 2023
Password Dictionary in Appwrite: Boosting Application Security
Ensuring the security of user data is a top priority for developers building web and mobile applications. One crucial aspect of this security is enforcing solid and unique passwords for user accounts. Appwrite, an open-source backend server for web a...
Kristof Riebbels, for A blog to (be) inspire(d) (by) others (kriebbels.hashnode.net), Apr 16, 2023
Enable developers to generate safe and secure code
Previously on... In my previous blog post, I wrote about JSON RCE attacks. The possibility of such an attack exists, was brought to my attention in a report by CheckMarx. I heard about SAST scans from the product team that I worked with. Our team was...
Tags: Security, Application Security
Abednego Emonena, for Codenego (codynego.hashnode.net), Mar 15, 2023
Web stack Monitoring Made Easy: Why you need to set up web stack monitoring
What is web stack monitoring? When most people hear the word "monitoring", they know this to be when you are being watched or you are watching over something. But in software engineering, web stack monitoring is simply when you pay constant attention...
Tag: Datadog
Snyk, for Snyk (snyksec.hashnode.net), Mar 9, 2023
Mitigating path traversal vulns in Java with Snyk Code
Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading ...
Tag: Application Security
Snyk, for Snyk (snyksec.hashnode.net), Mar 8, 2023
Comparing Node.js web frameworks: Which is most secure?
In this article, we’ll look at three popular frameworks — Express.js, NestJS, and Fastify — and evaluate them according to how well they align with the Node.js security best practices. JavaScript is the world’s most popular programming language, prov...
Tag: Node.js
Snyk, for Snyk (snyksec.hashnode.net), Mar 6, 2023
Building Vue 3 components with Tailwind CSS
Vue is a popular JavaScript framework for building versatile web interfaces. Some of its most compelling features are its easy integration into existing code-bases and lightweight framework, making it easy for developers to start using in their front...
Tag: Vue.js
Snyk, for Snyk (snyksec.hashnode.net), Mar 6, 2023
Gitpod remote code execution 0-day vulnerability via WebSockets
TLDR This article walks us through a current Snyk Security Labs research project focusing on cloud based development environments (CDEs) — which resulted in a full workspace takeover on the Gitpod platform and extended to the user’s SCM account. The ...
Tag: Application Security
Snyk, for Snyk (snyksec.hashnode.net), Feb 27, 2023
Node.js multithreading with worker threads: pros and cons
Node.js presents a single-threaded event loop to your application, which allows CPU-bound operations to block the main thread and create delays. The worker_threads module addresses this problem by providing a mechanism for running code in parallel us...
Tag: Application Security
Snyk, for Snyk (snyksec.hashnode.net), Feb 22, 2023
The security concerns of a JavaScript sandbox with the Node.js VM module
Were you tasked with building a product that requires the execution of dynamic JavaScript originating from end users? You might think building it on top of the Node.js VM module is a viable way to create a JavaScript sandbox. In this article, we’ll learn...
Tag: Application Security
Nebula, for Nebula Blogs (nebula-blogs.hashnode.net), Feb 19, 2023
Web Application Penetration Testing: How Do You Get Started? - Part 2
The resources for learning the four fundamental skills were introduced in Part 1. In this part, we'll focus on the following topics: OWASP Top 10, OWASP Testing guide, Web applications to perform testing, DVWA - Damn Vulnerable Web Application (Serv...
Tag: #cybersecurity