Mohamed AboElKheir in AppSec Untangled
Lessons Learned #2: Your new feature could introduce a security vulnerability to your old feature…
This is the second story in the “Lessons Learned” series where we discuss real-world vulnerabilities from the eyes of an application…
1d ago

Mohamed AboElKheir in AppSec Untangled
Lessons Learned #1: One line of code can make your application vulnerable (Pre-Auth RCE in Metabase…
Welcome all to this new series “Lessons Learned”. In this series, I plan to share some real-world vulnerabilities from the eyes of an…
Sep 2

Mohamed AboElKheir in AppSec Untangled
How to make “Input validation” easy for your devs
Creating a Paved road for input validation
Jul 22

Mohamed AboElKheir in AppSec Untangled
New Notion template for Threat modeling published!
Hi All, I have an exciting announcement to share! I’ve created a Notion template to help with creating threat models for your projects, you…
May 3

Mohamed AboElKheir in AppSec Untangled
How I contributed my first custom rule to Semgrep Rule Registry
Since I learned that Semgrep enables users to create and use custom SAST rules, I was instantly intrigued. That is mainly because the value…
Mar 19

Mohamed AboElKheir in AppSec Untangled
What is wrong with this code?
Why code reviews/scans are not enough
Mar 1

Mohamed AboElKheir in AppSec Untangled
How to “Shift-Left” SAST scans (Semgrep as an example)
“Shift-Left” has become quite the buzzword recently and I assume you probably have already seen a dozen talks and blog posts discussing the…
Jan 26

Mohamed AboElKheir in AppSec Untangled
Why “Chainguard Images” is a game-changer for container vulnerabilities
I’ve recently tried Chainguard Images and was impressed by the results. Chainguard images are minimized hardened container images that…
Dec 21, 2023

Mohamed AboElKheir in AppSec Untangled
Threat Modeling Handbook #6: Agile Threat Modeling
It has been a long journey! In the past stories (links below) of this series we discussed in detail how to build a process using threat…
Nov 21, 2023

Mohamed AboElKheir in AppSec Untangled
Threat Modeling Handbook #5: Convert your threat model into an automated pentest using DevSecOps…
Now it is time to make use of what we have completed in phase 1 of the threat modeling process (threat and mitigation identification) in…
Oct 12, 2023