Vulnerability scanning and pentesting for a safer web
Learn how website and web app security scanning work, their role in vulnerability management, and why mix them with pentesting in vulnerability assessment.
Injecting JS into one site is harmful, into all, lethal
In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.
Differences between these security testing approaches
There is confusion around the differences between breach and attack simulation, penetration testing and red teaming. Read this blog post for a clear comparison.
Our CLI is an approved AST tool to secure cloud apps
Fluid Attacks' automated tool is recommended by the App Defense Alliance for static scanning under the Cloud Application Security Assessment (CASA) framework.
A simple approach to try out in cybersecurity training
We present a short review of a study in which the authors suggest an approach to introduce and encourage software developers to use secure coding practices.
Open the door to security as a quality requirement
Discover what is usually seen as code quality, why we believe this concept should include security and some recommendations to develop high-quality code.
Use of automated tools only? Don't stick to your guns!
In this blog post, we present some differences between automated and manual code reviews and emphasize the latter and the procedures performed by the reviewers.
So it's the app itself that delivers the cookie to me?
In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.
And round it off with our Secure Code Review
Check out some best practices for secure coding your developers can start applying and how our Secure Code Review can complement them.