Code

Posts with this tag discuss the security of source code or different approaches to writing or analyzing it.

Photo by Aaron Burden on Unsplash

Jason Chavarría


Among exposed were secrets, code and AI training data

We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.

Photo by Google DeepMind on Unsplash

Felipe Ruiz


Towards an approach that engages more than SCA and SBOM

Understand what a comprehensive software supply chain security approach should aim at and why it is crucial to implement it during your company's SDLCs.

Photo by Yeshi Kangrang on Unsplash

Carlos Bello


What is invisible to some hackers is visible to others

Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.

Photo by Snowscat on Unsplash

Jason Chavarría


Toyota's ancient and recently disclosed data leaks

We describe the data leaks recently disclosed by Toyota Motor Corporation lasting five, eight and ten years.

Photo by Phil Hearing on Unsplash

Jason Chavarría


Why so many are switching to Rust

Memory-related security issues are common and often critical. To reduce their presence, ongoing projects are writing in memory-safe languages like Rust.

Photo by Ludovic Toinel on Unsplash

Felipe Ruiz


A roadmap for developing and releasing secure software

CISA and other agencies published a guide encouraging organizations to offer their customers secure-by-design and secure-by-default products.

Photo by sebastiaan stam on Unsplash

Carlos Bello


Injecting JS into one site is harmful, into all, lethal

In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Photo by Kostiantyn Li on Unsplash

Jason Chavarría


Our CLI is an approved AST tool to secure cloud apps

Fluid Attacks' automated tool is recommended by the App Defense Alliance for static scanning under the Cloud Application Security Assessment (CASA) framework.

Photo by Kostiantyn Li on Unsplash

Jason Chavarría


Our CLI was approved to secure cloud apps

Our automated tool is recommended by the App Defense Alliance for static scanning under the Cloud Application Security Assessment (CASA) framework.
