Code

Posts with this tag discuss the security of source code or different approaches to writing or analyzing it.

Felipe Ruiz


A digital infrastructure issue that many still ignore

The joke mentioned here is just a small sample of a big dependency issue in the global digital infrastructure, about which we need to raise awareness.

Felipe Ruiz


It's about time you relied on code-assisted pentesting

Here are some reasons why it would be prudent and beneficial to stop being reluctant to share your code for pentesting with a reputable cybersecurity company.

Jason Chavarría


Five best practices for coding with the help of gen AI

Generative AI tools are an ally for developers to write code efficiently. We share five best practices for developing software securely while using those tools.

Jason Chavarría


Importance, types, steps, tools of pentesting, and more

Explore the world of penetration testing and gain an understanding of how it bolsters your cybersecurity safeguards against emerging threats.

Carlos Bello


Beware of insecure-by-default libraries!

Here we present in detail a vulnerability we discovered in BookStack v23.10.2, along with the steps to follow to replicate the exploit.

Jason Chavarría


Learn the types, tools, techniques, principles and more

We define security testing and tell you all the basics. These include how to perform it to find vulnerabilities in software applications and other systems.

Jason Chavarría


Now we follow all best practices required by OpenSSF

After demonstrating statement and branch coverage above 90% and meeting other high-level best practices, our open-source project Universe earned the rare OpenSSF gold badge.

Jason Chavarría


Among the exposed were secrets, code and AI training data

We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.

Felipe Ruiz


Towards an approach that engages more than SCA and SBOM

Understand what a comprehensive software supply chain security approach should aim at and why it is crucial to implement it during your company's SDLCs.

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.