Code

Posts with this tag discuss the security of source code or different approaches to writing or analyzing it.

Photo by sebastiaan stam on Unsplash

Carlos Bello


Injecting JS into one site is harmful, into all, lethal

In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Photo by Kostiantyn Li on Unsplash

Jason Chavarría


Our CLI is an approved AST tool to secure cloud apps

Fluid Attacks' automated tool is recommended by the App Defense Alliance for static scanning under the Cloud Application Security Assessment (CASA) framework.

Photo by Ralston Smith on Unsplash

Felipe Ruiz


A simple approach to try out in cybersecurity training

We present a short review of a study in which the authors suggest an approach to introduce and encourage software developers to use secure coding practices.

Photo by Dima Pechurin on Unsplash

Felipe Ruiz


Open the door to security as a quality requirement

Discover what is usually seen as code quality, why we believe this concept should include security and some recommendations to develop high-quality code.

Photo by Museums Victoria on Unsplash

Felipe Ruiz


Use of automated tools only? Don't stick to your guns!

In this blog post, we present some differences between automated and manual code reviews and emphasize the latter and the procedures performed by the reviewers.

Photo by Nahel Abdul Hadi on Unsplash

Carlos Bello


So it's the app itself that delivers the cookie to me?

In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.

Photo by Ga on Unsplash

Felipe Ruiz


And round it off with our Secure Code Review

Check out some best practices for secure coding your developers can start applying and how our Secure Code Review can complement them.

Photo by Edi Libedinsky on Unsplash

Felipe Ruiz


Yes, you, who think your app is immune to cyberattacks

In this blog post, we focus on secure code review and the benefits of applying it early and consistently in your software development lifecycles.

Photo by Zdeněk Macháček on Unsplash

Felipe Ruiz


New companies come on board to renew this standard

In this blog post, we provide an overview of the OASIS SARIF. More and more companies are joining OASIS to support the creation and launch of a new version.

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which hundreds of organizations are already enjoying.

Start your 21-day free trial
Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.