
Felipe Ruiz
Towards an approach that engages more than SCA and SBOM
Understand what a comprehensive software supply chain security approach should aim at and why it is crucial to implement it during your company's SDLCs.

Carlos Bello
What is invisible to some hackers is visible to others
Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.

Felipe Ruiz
A roadmap for developing and releasing secure software
CISA and other agencies published a guide encouraging organizations to offer their customers secure-by-design and secure-by-default products.

Jason Chavarría
Vulnerability scanning and pentesting for a safer web
Learn how website and web app security scanning works, its role in vulnerability management, and why you should combine it with pentesting in vulnerability assessment.

Jason Chavarría
Vulnerability scanning and pentesting for the web
Learn how application and website security scans work, their role in vulnerability management, and the reasons to combine them with pentesting in vulnerability assessment.

Carlos Bello
Injecting JS into one site is harmful, into all, lethal
In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Jason Chavarría
Differences between these security testing approaches
There is confusion around the differences between breach and attack simulation, penetration testing and red teaming. Read this blog post for a clear comparison.

Jason Chavarría
Differences between three security testing approaches
There is confusion about the differences between breach and attack simulation, pentesting and red teaming. In this blog post you will find a clear comparison.

Jason Chavarría
Our CLI is an approved AST tool to secure cloud apps
Fluid Attacks' automated tool is recommended by the App Defense Alliance for static scanning under the Cloud Application Security Assessment (CASA) framework.