appsec
Protecting developers from supply chain attacks
Developers have quietly become one of the most valuable targets in the modern threat landscape. Not because of who they are as …
Posts
21 articles on application security, vulnerabilities and research
appsec
Building MirageVM: A JavaScript Virtual Machine for Code Obfuscation
Modern web applications face a persistent challenge: automated attacks that bypass traditional security measures. Captcha farms …
appsec
Bots to the Rescue: How I Built an AI Security Wingman
Security operations teams spend a fair amount of time on repetitive administrative tasks. Answering recurring process questions, …
appsec
Path Traversal & LFI can be worst than you think
LFI and Path traversal are not a new thing, but what most people don’t understand is the full impact of the vulnerability. …
appsec
We are making authentication systems wrong
For a long time I’ve been struggling with the way authentication systems work, as they don’t protect your password as …
appsec
What is and how to prevent Mass Assignment Vulnerabilities
First time I heard about mass assignment vulnerabilities was a long time ago, when I started learning Ruby & Rails. In fact I …
appsec
Attacks with Zip Files and Mitigations
Once again, I bring a topic that I don’t see getting enough attention , and a lot of times this ends up being a big security …
appsec
Are your mobile banking apps secure?
These past few days I’ve been doing some security checks in my mobile banking apps as I basically never did it since opening …
appsec
The Log Forging Vulnerability And How To Fix It
The Log Forging vulnerability, also known as Log Manipulation is a really low ranked vulnerability that in a lot of cases its to …