Published in AppSec Untangled
How AI Code Scanning Breaks SAST's Limits - Corgea as an Example
Many resources tackle the SAST false-positive problem, but today I am here to discuss the SAST false-negative problem, and how AI could…
Mar 11

Published in AppSec Untangled
Lessons learned #5: Internal applications need review too (Subaru STARLINK Admin Panel…
Welcome to another story in the "Lessons Learned" series where we discuss real-world vulnerabilities from the perspective of an application…
Feb 19

Published in AppSec Untangled
How Reachability Analysis can help with open source vulnerabilities mess (Coana as an example)
If you are a security engineer or a developer, you probably already know the pain of having to deal with the vulnerabilities affecting the…
Jan 22

Published in AppSec Untangled
Lessons Learned #4: One error message could expose all your data (FileSender CVE-2024-45186)
Welcome to another story in the "Lessons Learned" series where we discuss real-world vulnerabilities from the perspective of an application…
Jan 14

Published in AppSec Untangled
Lessons Learned #3: Is your random UUID really random?
Welcome to the third story in the "Lessons Learned" series where we discuss real-world vulnerabilities from the perspective of an…
Nov 20, 2024

Published in AppSec Untangled
Lessons Learned #2: Your new feature could introduce a security vulnerability to your old feature…
This is the second story in the "Lessons Learned" series where we discuss real-world vulnerabilities from the eyes of an application…
Sep 25, 2024

Published in AppSec Untangled
Lessons Learned #1: One line of code can make your application vulnerable (Pre-Auth RCE in Metabase…
Welcome all to this new series "Lessons Learned". In this series, I plan to share some real-world vulnerabilities from the eyes of an…
Sep 2, 2024

Published in AppSec Untangled
How to make "Input validation" easy for your devs
Creating a paved road for input validation
Jul 22, 2024

Published in AppSec Untangled
New Notion template for Threat modeling published!
Hi All, I have an exciting announcement to share! I've created a Notion template to help with creating threat models for your projects, you…
May 3, 2024

Published in AppSec Untangled
How I contributed my first custom rule to Semgrep Rule Registry
Since I learned that Semgrep enables users to create and use custom SAST rules, I was instantly intrigued. That is mainly because the value…
Mar 19, 2024