Photo by Aaron Burden on Unsplash

Jason Chavarría

Among exposed were secrets, code and AI training data

We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.

Photo by Google DeepMind on Unsplash

Felipe Ruiz

Towards an approach that engages more than SCA and SBOM

Understand what a comprehensive software supply chain security approach should aim at and why it is crucial to implement it during your company's SDLCs.

Photo by Yeshi Kangrang on Unsplash

Carlos Bello

What is invisible to some hackers is visible to others

Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.

Photo by Snowscat on Unsplash

Jason Chavarría

Toyota's ancient and recently disclosed data leaks

We describe the data leaks recently disclosed by Toyota Motor Corporation lasting five, eight and ten years.

Photo by Phil Hearing on Unsplash

Jason Chavarría

Why so many are switching to Rust

Memory-related security issues are common and often critical. To reduce their presence, ongoing projects are writing in memory-safe languages like Rust.

Photo by Ludovic Toinel on Unsplash

Felipe Ruiz

A roadmap for developing and releasing secure software

CISA and other agencies published a guide encouraging organizations to offer their customers secure-by-design and secure-by-default products.

Photo by sebastiaan stam on Unsplash

Carlos Bello

Injecting JS into one site is harmful, into all, lethal

In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Photo by Kostiantyn Li on Unsplash

Jason Chavarría

Our CLI is an approved AST tool to secure cloud apps

Fluid Attacks' automated tool is recommended by the App Defense Alliance for static scanning under the Cloud Application Security Assessment (CASA) framework.

Foto por Kostiantyn Li en Unsplash

Jason Chavarría

Nuestro CLI fue aprobado para asegurar apps en la nube

Nuestra herramienta automatizada es recomendada por App Defense Alliance para el escaneo estático bajo el marco Cloud Application Security Assessment (CASA).

Inicia tu prueba gratuita de 21 días

Descubre las ventajas de nuestra solución Hacking Continuo, de la cual ya disfrutan cientos de organizaciones.

Inicia tu prueba gratuita de 21 días
Fluid Logo Footer

Hackeando software durante más de 20 años

Fluid Attacks analiza aplicaciones y otros sistemas, abarcando todas las fases de desarrollo de software. Nuestro equipo ayuda a los clientes a identificar y gestionar rápidamente las vulnerabilidades para reducir el riesgo de ciberincidentes y desplegar tecnología segura.

Copyright © 0 Fluid Attacks. We hack your software. Todos los derechos reservados.