Felipe Ruiz
A digital infrastructure issue that many still ignore
The joke mentioned here is just a small sample of a big dependency issue in the global digital infrastructure, about which we need to raise awareness.
Felipe Ruiz
It's about time you relied on code-assisted pentesting
Here are some reasons why it would be prudent and beneficial to stop being reluctant to share your code for pentesting with a reputable cybersecurity company.
Jason Chavarría
Five best practices for coding with the help of gen AI
Generative AI tools are an ally for developers to write code efficiently. We share five best practices for developing software securely while using those tools.
Jason Chavarría
Importance, types, steps, tools of pentesting, and more
Explore the world of penetration testing and gain an understanding of how it bolsters your cybersecurity safeguards against emerging threats.
Carlos Bello
Beware of insecure-by-default libraries!
Here we present in detail a vulnerability we discovered in BookStack v23.10.2, along with the steps to follow to replicate the exploit.
Jason Chavarría
Learn the types, tools, techniques, principles and more
We define security testing and tell you all the basics. These include how to perform it to find vulnerabilities in software applications and other systems.
Jason Chavarría
Now we follow all best practices required by OpenSSF
After demonstrating statement and branch coverage above 90% and other high-level best practices, our open-source project Universe got the rare OpenSSF gold badge.
Jason Chavarría
Among exposed were secrets, code and AI training data
We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens, and give advice to prevent leaks.
Felipe Ruiz
Towards an approach that engages more than SCA and SBOM
Understand what a comprehensive software supply chain security approach should aim at and why it is crucial to implement it during your company's SDLCs.