I've been a huge fan of OWASP for a very long time, having spoken at their conferences, contributed to their projects, consumed many of their resources and met some really awesome people along the way! Just recently, one of the very popular OWASP projects, the Application Security Verification Standard (ASVS)| Scott Helme
An SQL injection (SQLi) attack occurs when an attacker manipulates a web application's client input data to inject malicious SQL code into database queries.| HAProxy Technologies
This secure code review checklist helps code reviewers find security vulnerabilities and security bugs.| www.awesomecodereviews.com
Windsor.ai's Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.| windsor.ai
Offensive security tools for 2025: Metasploit, Nuclei, Bloodhound & more. Uncover and remediate vulnerabilities before they’re exploited.| HackerTarget.com
Learn about integrations for your Application Load Balancer.| docs.aws.amazon.com
Companies in this space are just features, not products or platforms.| franklyspeaking.substack.com
LLMs have already changed the rules. How do we make sure they don't also ignore them?| www.osohq.com
Explore 4 case studies on SQL injection attacks and learn vital lessons to protect your web applications from vulnerabilities.| Lipson Thomas
Learn how to build secure apps across the SDLC with threat modeling, OWASP mapping, and runtime defense for 2025.| GlobalDots
Learn about a SQL injection attack, its various types and harmful effects on businesses. Explore measures that can help mitigate these attacks.| Search Software Quality
Learn more to understand the dangers you are facing and why SSO implementation and other moves have to be made with careful planning today.| Frontegg
A practical guide to penetration testing that explains key methods, tools, and business value, plus how to integrate testing into your CI/CD pipeline.| The JetBrains Blog
Thanks for all the new signups, especially those who signed up for the paid version of Frankly Speaking! This week is the first week of premium content, so if you want to view the whole post, please subscribe. LET’S BE FRANK Ok, the title of the newsletter is a bit dramatic, but it’s hard to have so many nuances in a Substack email header.| franklyspeaking.substack.com
A deep dive into code quality metrics, highlighting seven metrics and explaining how to monitor them and why they are important to code quality.| blog.codacy.com
Follow these security best practices to protect your enterprise WordPress sites with a layered defense-in-depth.| Multidots
Most of the Firefox User Interface (UI), including the address bar and the tab strip, is implemented using standard web technologies like HTML, CSS and JavaScript plus some additional custom components like XUL. One of the advantages of using web technologies for the front end is that it allows rendering the frontend using the browser engine on all desktop operating systems. However, just like many web applications are susceptible to some form of injection attack (OWASP Top Ten), Firefox’s...| Attack & Defense
The security of business applications remains poor, according to a new state of software security report. The percentage […]| DEVCLASS
Discover how cybersecurity professionals test for website vulnerabilities. Learn essential techniques and tools to safeguard your website.| Lipson Thomas
What does 'aligning a cyber security strategy with corporate objectives' actually mean? Our blog provides some realistic examples to help explain.| Evalian®
Fuzz testing is not only effective at securing memory corruptions in C/C++, but also at securing systems written in memory-safe languages. Find out why!| www.code-intelligence.com
Gitlab is an integrated developer productivity, infrastructure operations, and security platform. This Wardley map explores the evolution of Gitlab’s users’ needs, as one component in understanding the company’s strategy. In particular, we look at how Gitlab’s strategy of a bundled, all-in-one platform anchors on the belief that build and security tooling is moving from customization to commodity. Reading this document To quickly understand the analysis within this Wardley Map, read f...| lethain.com
Vulnerability scanning is a process of identifying and assessing security weaknesses in a computer system, network, or web application. Vulnerabilities can range from technical flaws in software, hardware or configuration issues to vulnerabilities in policies and procedures.| PurpleSec
A complete guide to application security that explains common security threats and best practices teams can use to secure and mitigate these threats.| blog.codacy.com
Learn how linters help software developers improve their code quality in the earliest stages of the development process through static code analysis.| blog.codacy.com
We take you through Codacy's definition of code quality to help you understand what high-quality code looks like, whether you use our platform or not.| blog.codacy.com
Despite countless frameworks, best practices, blog posts… so many developers still hardcode credentials into their code.| dogesec
Web application vulnerabilities are glitches or imperfections found in the system. These can lead to security risks, such as cyber-attacks or data breaches.| Network Interview
The AI regulator’s toolbox: A list of concrete AI governance practices| adamjones.me
Offensive Security, often abbreviated as OffSec, is not about malicious hacking. It's a proactive methodology and set of practices employed to strengthen an organization's| Strobes Security
Discover vulnerabilities before attackers do. Schedule cybersecurity penetration testing with SecureStrux for proactive defense and robust security.| SecureStrux
Shifting left requires automated tools. Three of the most common tools categories used for security automation are SAST, DAST, and SCA.| www.tripwire.com
SOC 2 compliance is a sign of a trustworthy SaaS provider. Find out what a SOC 2 audit involves and how flair achieved compliance with this important standard.| flair Blog for HR Professionals
Discover the architecture of a 3-tier application, comprising presentation, application logic, and data tiers, each serving distinct functions. Learn how this structured approach enhances scalability, maintenance, and flexibility in software development.| vFunction
May 28, 2025 update: | TrustedSec
Reduce the Risk of a Successful Cyber Attack| Cybersecurity and Infrastructure Security Agency CISA
This article presents a test-driven approach to application security and shows how we can write automated tests to prove that our defenses work as expected.| securityblog.omegapoint.se
Recap In part 1 of this blog series we presented the “Reverse RDP” attack vector and the security hardening patch we designed and helped integrate into FreeRDP. The patch itself was tar…| Eyal Itkin
Unlock the key strategies and tools for successful penetration testing to detect and address sensitive data exposure in enterprise networks. Dive into essential insights| WeSecureApp :: Securing Offensively
With the rise in Cloud misconfigurations, there's no better time to familiarize and learn how to secure your organization with Spectral.| Spectral
Security is a big topic in software engineering, but how does it apply to mobile development? While we care about user experience and mobile performance, security issues are rarely prioritized. This week, I’ll share how to integrate security tools into your CI pipeline to stay aware of your codebase health.| Benoit Pasquier
A Bit of a Backstory During the many years that I have been privileged to work at many different companies and, through those, with other ones, I would say the most critical one was a multi-data center company that was handling millions of requests per day, and I was in charge of the perimeter network and overall data center network infrastructure security. In that setup, even a second of downtime was unacceptable, and justifiably so, due to the nature of the applications that were hosted there ...| thegraynode.io
Let me tell you a story about Application Security (AppSec). It contains heroes and villains, and I’m not necessarily thinking about the defenders and attackers here. It contains lots of interesting technology that is often overemphasised. We’ve got whole industries that work on letting us know how scary it is out there, vulnerabilities that are marketed like rock stars and terminology that makes you quiver in your boots: who would want to fall victim to an Advanced Persistent Threat (APT)?| beny23.github.io
Cross Site Scripting (XSS) on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.| owasp.org
In this article, we will understand a type of website attack called Cross-Site Request Forgery (CSRF). We will look at the kind of websites which usually fall victim to CSRF attacks, how an attacker crafts a CSRF attack, and some techniques to mitigate the risk of being compromised with a CSRF attack.| reflectoring.io
A few days back, as part of a general discussion about interviewing at Equal Experts, we looked at the question “What makes a good developer?” Could we come up with a list of qualities in a developer that we’d want to look for? This post illustrates my thinking. Why do you ask? To put it in a bit of context, I’m a software developer, not a recruiter, but I’ve been involved with technical interviewing for quite a while, and have marked a fair number of take-home tests over the y...| beny23.github.io