![Photo by Brian Kelly on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1713388624/blog/undersupported-digital-infrastructure/cover_undersupported_digital_infrastructure.webp)
Felipe Ruiz
We need you, but we can't give you any money
We want to persist in raising awareness about the scarce support that many open-source software projects, on which nearly everyone depends, are receiving.
![Photo by Valery Fedotov on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1711073708/blog/nebraska-joke-infrastructure-dependency/cover_nebraska_joke_infrastructure_dependency.webp)
Felipe Ruiz
A digital infrastructure issue that many still ignore
The joke mentioned here is just a small sample of a big dependency issue in the global digital infrastructure, about which we need to raise awareness.
![Photo by Mike Lewinski on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1707840268/blog/rely-on-code-assisted-pentesting/cover_rely_on_code_assisted_pentesting.webp)
Felipe Ruiz
It's about time you relied on code-assisted pentesting
Here are some reasons why it would be prudent and beneficial to stop being reluctant to share your code for pentesting with a reputable cybersecurity company.
![Photo by Takahiro Sakamoto on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1703875585/blog/5-best-practices-coding-with-gen-ai/cover_coding_with_gen_ai.webp)
Jason Chavarría
Five best practices for coding with the help of gen AI
Generative AI tools are an ally for developers to write code efficiently. We share five best practices for developing software securely while using those tools.
![Photo by Peter Neumann on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1702996448/blog/penetration-testing/cover_pentesting.webp)
Jason Chavarría
Importance, types, steps, tools of pentesting, and more
Explore the world of penetration testing and gain understanding of how it bolsters your cybersecurity safeguards against emerging threats.
![Photo by Fotis Fotopoulos on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1700587805/blog/lfr-via-blind-ssrf-book-stack/cover_bookstack.webp)
Carlos Bello
Beware of insecure-by-default libraries!
Here we present in detail a vulnerability we discovered in BookStack v23.10.2, along with the steps to follow to replicate the exploit.
![Photo by Erzsébet Vehofsics on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1698867448/blog/security-testing-fundamentals/cover_security_testing.webp)
Jason Chavarría
Learn the types, tools, techniques, principles and more
We define security testing and tell you all the basics. These include how to perform it to find vulnerabilities in software applications and other systems.
![Photo by Jean-Daniel Calame on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1697120855/blog/openssf-gold-badge-for-universe/cover_openssf_gold_badge.webp)
Jason Chavarría
Now we follow all best practices required by OpenSSF
After evidencing statement and branch coverages above 90% and other high-level best practices, our open-source project Universe got the rare OpenSSF gold badge.
![Photo by Aaron Burden on Unsplash](https://res.cloudinary.com/fluid-attacks/image/upload/v1695396598/blog/microsoft-38tb-data-leak/cover_microsoft_38tb_data_leak.webp)
Jason Chavarría
Among exposed were secrets, code and AI training data
We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.