Requiem for a p455w0rD
Why passphrases are better than passwords
In this blog post, we compare weak and complicated passwords...
The Oracle of Code
About code as data
This blog post is a description of the code-as-data approach to source code analysis.
Stand on the Shoulders of Giants
About software composition analysis
Here we discuss 'A9' of the OWASP Top 10: Using components with known...
Will Machines Replace Us?
Automatic detection vs. manual detection
Vulnerability detection by an automated tool is not enough to conclude that an app is secure....
The Infinite Monkey Fuzzer
Fuzz testing using American Fuzzy Lop
In this blog post, we are focused on how to perform basic fuzz attacks on desktop Linux C...
Fuzzy Bugs Online
Fuzz techniques for attacking web applications
How do you make basic fuzz attacks on web apps? We fuzz for SQL injection against a vulnerable DB...
Is Your App in a Pickle?
Documenting vulnerabilities with Gherkin
Gherkin can be used for documentation and automated testing. Here we focus on its basics and how...
Delimiting an Ethical Hacking
How to define the scope of your objectives
When security flaws are found through ethical hacking, it is important to delimit the...
Is that CSV Secure?
Defining CSV injection vulnerabilities
Comma-Separated Values (CSV) is a common file format for data files used in several application...
The Importance of Pentesting
Protect your company against Hackers, not Lamers
In this article, we discuss the importance of pentesting for protecting our applications.
Another Proud Son of JSON
Using JSON Web Token to send data
Here we introduce JSON Web Token, a simple, quick way to send secure, digitally signed data from...