API Security: Best Practices for Python Developers - Part I. A developer's guide to a secure API implementation. Devs are the core of web applications; however, they are also the ones who end up introducing and deploying the vulnerabilities that later get exploited. That's why you should know how to prevent common attacks and secure your endpoints correctly. Oriana Olivetti · 26 Mar 2024 · 7 min read
SAST vs. DAST: Choosing the Right Security Testing for Your Project. Distinguishing between SAST and DAST is crucial for any robust security strategy. Adopting a unified approach that leverages both kinds of scan ensures that your software remains secure throughout its lifecycle, effectively mitigating potential risks and vulnerabilities in today's fast-paced digital environment. Oriana Olivetti · 14 Mar 2024 · 3 min read
AI Pentesting vs Automated Penetration Testing. In the rapidly evolving cybersecurity landscape, where the emergence of AI-generated code presents unprecedented challenges, automated penetration testing emerges as a beacon of innovation and efficiency. Oriana Olivetti · 29 Feb 2024 · 4 min read
Why you never get Reflected XSS to execute: Balancing Payloads. A beginner's guide to Reflected XSS. Everyone talks about the different XSS cheat sheets, and then you are supposed to try them one by one to see whether any of the payloads get executed on your target. We don't like that: it's time-consuming and a mindless task. Oriana Olivetti · 20 Feb 2024 · 4 min read
AWS S3 Bucket Takeover - how to find it and maximize impact? The impact of an AWS S3 bucket takeover can range from none, through account takeover, up to RCE. In this article, we'll tell you how to find it and maximize its impact. Greg · 10 Jan 2024 · 6 min read
Security of new features in Next.js 14 - Server Actions, Taints. Next.js 14 (and 13) introduced many attack vectors without providing the tooling organizations need to detect them. It is easier than ever before to expose server secrets, introduce unauthenticated "endpoints", or cause any other issue that will make you vulnerable. Dawid Moczadło · 30 Oct 2023 · 5 min read