Nilay Sangani · 2 hours ago
XML External Entity (XXE) Injection
Hello There, Thank you for taking the time to read the write-up! I appreciate it! Today’s content is going to be on understanding ‘XML External Entity (XXE) Injection’. The content is completely based on my personal experiences & knowledge, interactions with incredible people in the App…
Application Security · 2 min read
David Merian in System Weakness · 1 day ago · Member-only
Fuzzing Finds CVE in Spring.io
Code Intelligence‘s fuzzer, integrated into the OSS-Fuzz fuzzing platform by Google, found a CVE in the Spring Framework which causes a DoS (denial-of-service) if exploited. Patches are available.
Google cares about open source security. They have skin in the game. I’ve written about this in the past. That’s why they built their fuzzing platform, OSS-Fuzz, reward contributors, and collaborate with partners to integrate more fuzzing capabilities into the OSS-Fuzz fuzzing platform.
Application Security · 2 min read
Sagiv Peer · 1 day ago
From Running From Vulnerabilities Into Chasing Them
Everyone talks about security training for developers, yet no one speaks about the other 97 percent of the company. Let's start with a simple question. Take a slight pause and consider: Who Should Be Your Security Champion? The answer to the question will be answered by the end of my…
Application Security · 2 min read
Miguel Pérez Sanchis in Julius Baer Engineering · 1 day ago
Implementing OAuth2/OIDC and its agents with Spring
Intro. The Spring framework 🍃 can sometimes be as daunting as it is useful. When dealing with shared and standardised components, it makes no sense for every developer to re-implement whole systems on their own or to have teams working with slightly different flavours of the same software. This is where…
Application Security · 7 min read
David Merian in System Weakness · 3 days ago · Member-only
Security like Netflix
Netflix uses “Paved Roads” security principles and productization of security to deliver ease-of-use and scalability of security for engineering teams.
Maybe you have heard of the “paved roads” security principle: you create “hard” or strict security requirements for engineering and development teams. These are most often shared as checklists. Netflix had these checklists, but getting teams to use this was painful and conflict-ridden. Instead, the app sec team built a…
Application Security · 2 min read
David Berg · 1 day ago
Cybersecurity Stories: A Jurassic Journey Through the OWASP Top 10
If you’ve ever come across the OWASP Top 10 but aren’t quite sure what it entails or struggle to recall the ten vulnerabilities, this article is for you. Learning cybersecurity can be overwhelming, especially when faced with plenty of terminology and acronyms. Feeling overwhelmed by numerous terms and abbreviations is…
Application Security · 8 min read
Sal Janssen · 1 day ago
API Security
Recently I was working through an API performance issue where I needed to replicate the behaviour on my own systems. As I was testing my solution through iteration, it was clearly evident that there are a number of components in the API testing process that require validation and verification, including…
Application Security · 2 min read
Yobroda · 2 days ago
SSL Certificate Pinning Bypass — The Manual Approach!
Originally written during April 2021
Hello Readers, Today, we are going to dwell into my research that was put to overcome SSL Pinning on a Java Thick Client, in order to intercept its traffic!! We will start from the basics of certain theory part and then to the actual practical…
Application Security · 10 min read
Ramkumar Nadar · 3 days ago
I did JSON CSRF or did I?
In this article, I am going to dissect how I performed the JSON CSRF. By the time you reach climax, I hope you realize the futility of it. Achieving it for me was akin to hunting an already dead target without knowing it was dead. You’ll get the metaphor. Read…
Application Security · 6 min read
Jeremiah Talamantes in Mitigated.io Blog · 4 days ago
Log It or Lose It: The Critical Role of Logging in Application Security
Securing valuable information and systems is paramount to the success of any organization. One vital aspect of information security that often needs to be more appreciated is comprehensive application and security logging. These logs are the foundational layer for an effective security strategy, providing critical insights into application behavior and…
Application Security · 4 min read