Articles by Oriana Olivetti
9 articles published
June 11, 2024 (1y ago)
Securing Python REST APIs: Auth, Rate Limiting, Input Validation & Common Exploit Patterns
Part 2 of our Python API security guide: implementing JWT auth correctly, rate limiting to prevent abuse, input validation against injection attacks, and the most common vulnerabilities in Django and FastAPI endpoints.
May 29, 2024 (1y ago)
Software Composition Analysis (SCA) Guide: Catching Vulnerable Dependencies Before Attackers Do
Third-party packages are the most exploited attack vector in modern web apps. This guide covers how SCA tools work, what dependency scanning misses in AI-accelerated development, and how to integrate it into your CI/CD pipeline.
May 15, 2024 (1y ago)
JavaScript Prototype Pollution: Detection, Exploitation Techniques & Real CVE Examples
A practical guide to prototype pollution: how pollution sources reach gadgets, how to test with ?__proto__[key]=value and constructor.prototype, and how real-world CVEs have been exploited in the wild.
April 30, 2024 (1y ago)
Pentesting Cross-Origin Resource Sharing (CORS) Vulnerabilities
Beginner's guide to this common security misconfiguration. Here you'll find the steps to quickly spot and exploit CORS vulnerabilities out in the wild. Shall we start?
April 2, 2024 (2y ago)
Secrets Management for Developers: Detecting Leaks in AI-Generated Code Before They Reach Production
AI tools like Copilot and Cursor frequently hardcode secrets and commit .env files by accident. This guide covers secrets detection, vault setup, CI/CD scanning, and how to audit AI-generated code for credential leaks.
March 26, 2024 (2y ago)
API Security Best Practices: 12 Checks Developers Actually Skip (and Attackers Love)
Most API security guides cover the obvious. This one focuses on the checks that get skipped under deadline pressure: broken object-level auth, mass assignment, unauthenticated endpoints added during refactors, and more. With code examples.
March 14, 2024 (2y ago)
SAST vs. DAST: Choosing the Right Security Testing for Your Project
Distinguishing between SAST & DAST is crucial for any robust security strategy. Adopting a unified approach, by leveraging both scans, ensures that your software remains secure during its lifecycle, effectively mitigating potential risks and vulnerabilities in today's fast-paced digital environment.
February 29, 2024 (2y ago)
AI Penetration Testing vs. Automated Penetration Testing: Key Differences, Tools & When to Use Each (2025)
AI pentesting and automated pentesting solve different problems. We compare both approaches — capabilities, tooling, costs, and when to use each — so you can make the right call for your security program.
February 20, 2024 (2y ago)
Why you never get Reflected XSS to execute: Balancing Payloads
Beginner's guide to Reflected XSS. Everyone talks about the different XSS cheatsheets, and then you are supposed to try them one by one to see if any of the payloads get executed on your target. We don't like that: it's time-consuming and a mindless task.
