DEV Community

# appsec

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Lessons Learned #2: Your new feature could introduce a security vulnerability to your old feature (Clickhouse CVE-2024-22412)

Lessons Learned #2: Your new feature could introduce a security vulnerability to your old feature (Clickhouse CVE-2024-22412)

Comments
4 min read
Why Security Misconfigurations Matter and 5 Ways to Prevent Them

Why Security Misconfigurations Matter and 5 Ways to Prevent Them

Comments
1 min read
API Security Tools: Threat Protection vs. Testing & 8 Tools to Know

API Security Tools: Threat Protection vs. Testing & 8 Tools to Know

5
Comments
1 min read
API Security: Threats, Tools, and Best Practices

API Security: Threats, Tools, and Best Practices

5
Comments
1 min read
Prevention: It's Time to Save Those Millions

Prevention: It's Time to Save Those Millions

1
Comments
2 min read
Introducing Omni4J: Secure your Java code

Introducing Omni4J: Secure your Java code

Comments
2 min read
DEF CON 32: What We Learned About Secrets Security at AppSec Village

DEF CON 32: What We Learned About Secrets Security at AppSec Village

8
Comments 1
9 min read
Lessons Learned #1: One line of code can make your application vulnerable (Pre-Auth RCE in Metabase CVE-2023–38646)

Lessons Learned #1: One line of code can make your application vulnerable (Pre-Auth RCE in Metabase CVE-2023–38646)

Comments
4 min read
Compreendendo o SAMM

Compreendendo o SAMM

Comments
6 min read
Web Security and Bug Bounty Hunting: Knowledge, Tools, and Certifications

Web Security and Bug Bounty Hunting: Knowledge, Tools, and Certifications

2
Comments
3 min read
Understanding the Distinction Between Information Security and Cybersecurity

Understanding the Distinction Between Information Security and Cybersecurity

Comments
2 min read
Secure SDLC (Part 1): issues, approach, tech metrics, team’s KPI

Secure SDLC (Part 1): issues, approach, tech metrics, team’s KPI

1
Comments
6 min read
Next.js: consequence of AppRouter on your CSP

Next.js: consequence of AppRouter on your CSP

Comments
3 min read
Creating a DevSecOps pipeline with Jenkins — Part 1

Creating a DevSecOps pipeline with Jenkins — Part 1

1
Comments
12 min read
Mastering Application Security: The Power of Rate Limiting

Mastering Application Security: The Power of Rate Limiting

7
Comments
6 min read
Next.js: Crafting a Strict CSP

Next.js: Crafting a Strict CSP

1
Comments 1
4 min read
O que vem depois do Pentesting?

O que vem depois do Pentesting?

14
Comments
13 min read
Security - A brief introduction to application security

Security - A brief introduction to application security

5
Comments
2 min read
Pensando sobre Cultura de AppSec

Pensando sobre Cultura de AppSec

8
Comments 1
3 min read
Securing Your Applications on AWS: Guide to Data Privacy and Protection

Securing Your Applications on AWS: Guide to Data Privacy and Protection

2
Comments
3 min read
Como identificar vulnerabilidades no código fonte?

Como identificar vulnerabilidades no código fonte?

26
Comments 3
8 min read
Dicas de codificação segura em C#

Dicas de codificação segura em C#

24
Comments 3
9 min read
Building security for digital wallets and financial applications

Building security for digital wallets and financial applications

2
Comments 1
2 min read
Threads of the Next Wave of DevOps

Threads of the Next Wave of DevOps

9
Comments
7 min read
DEF CON 31: A hot time in the Las Vegas heat and some cool days in AppSec Village

DEF CON 31: A hot time in the Las Vegas heat and some cool days in AppSec Village

2
Comments
14 min read
Fun Infosec Writeups from GH

Fun Infosec Writeups from GH

Comments
3 min read
Interesting Software Vulns

Interesting Software Vulns

Comments
3 min read
Codificação segura, por que todos devs precisam conhecer?

Codificação segura, por que todos devs precisam conhecer?

17
Comments 3
2 min read
DAST in 5 Minutes (Or Less): What You Need to Know

DAST in 5 Minutes (Or Less): What You Need to Know

Comments
3 min read
Configurando o agente DAST ISM Veracode em servidores Linux

Configurando o agente DAST ISM Veracode em servidores Linux

1
Comments
3 min read
Mitigate the hidden security risks of open source software libraries

Mitigate the hidden security risks of open source software libraries

1
Comments 1
9 min read
Criando meu próprio Github Actions para a área de AppSec

Criando meu próprio Github Actions para a área de AppSec

1
Comments
3 min read
VMClarity: What Happens During a Scan?

VMClarity: What Happens During a Scan?

1
Comments
2 min read
VMClarity: Virtual Machine Security

VMClarity: Virtual Machine Security

4
Comments 1
2 min read
Breaking and building encryption in NFC digital wallets 📳

Breaking and building encryption in NFC digital wallets 📳

4
Comments
2 min read
How to scan your ruby or JS project for security improvements, for free.

How to scan your ruby or JS project for security improvements, for free.

2
Comments
3 min read
What’s the Difference between AppSec, Software Security, Cybersecurity, and DevSecOps?

What’s the Difference between AppSec, Software Security, Cybersecurity, and DevSecOps?

3
Comments
6 min read
Os diferentes modos de se realizar SAST com a Veracode

Os diferentes modos de se realizar SAST com a Veracode

3
Comments
4 min read
Modelagem de Ameaças -Decompondo o Aplicativo

Modelagem de Ameaças -Decompondo o Aplicativo

2
Comments
7 min read
Terminologias Utilizadas em Modelagem de Ameaças

Terminologias Utilizadas em Modelagem de Ameaças

2
Comments
4 min read
Explicando o TOP 4 da OWASP "Design Inseguro" para desenvolvedores

Explicando o TOP 4 da OWASP "Design Inseguro" para desenvolvedores

10
Comments
3 min read
Modelagem de Ameaças - Introdução

Modelagem de Ameaças - Introdução

2
Comments
3 min read
Princípios de Segurança Cibernética

Princípios de Segurança Cibernética

2
Comments
7 min read
Explicando o TOP 2 da OWASP "Falhas Criptográficas" para desenvolvedores

Explicando o TOP 2 da OWASP "Falhas Criptográficas" para desenvolvedores

10
Comments
5 min read
Explicando o TOP 1 da OWASP "Broken Access Control" para desenvolvedores

Explicando o TOP 1 da OWASP "Broken Access Control" para desenvolvedores

6
Comments
7 min read
GitHub: How To Enable Code Scanning With Semgrep

GitHub: How To Enable Code Scanning With Semgrep

5
Comments
3 min read
open-appsec NGINX WAF makes machine learning friendly using gamification

open-appsec NGINX WAF makes machine learning friendly using gamification

4
Comments
2 min read
How to Automate OWASP ZAP

How to Automate OWASP ZAP

7
Comments 1
8 min read
Subscribe to a new newsletter for security-aware developers!

Subscribe to a new newsletter for security-aware developers!

6
Comments
1 min read
What is Minimum Viable Security (MVS) and how does it improve the life of developers?

What is Minimum Viable Security (MVS) and how does it improve the life of developers?

6
Comments 1
6 min read
Encryption in ⛅ cloud native apps

Encryption in ⛅ cloud native apps

12
Comments
3 min read
Network Traffic Observability: Three PacketStreamer Use Cases

Network Traffic Observability: Three PacketStreamer Use Cases

5
Comments
3 min read
Doing DevSecOps without constant CI/CD changes

Doing DevSecOps without constant CI/CD changes

4
Comments
5 min read
How to Approach DevSecOps Security Automation

How to Approach DevSecOps Security Automation

5
Comments
5 min read
2 free data security tools every dev should know (and use)

2 free data security tools every dev should know (and use)

13
Comments 3
2 min read
ThreatMapper 1.3.0: Now with Secret Scanning, Runtime SBOMs, and More

ThreatMapper 1.3.0: Now with Secret Scanning, Runtime SBOMs, and More

7
Comments
5 min read
Spring Boot: Prevent Log Injection Attacks With Logback

Spring Boot: Prevent Log Injection Attacks With Logback

5
Comments
4 min read
Exploring 🚩🚩🚩red flags in React Native security libraries

Exploring 🚩🚩🚩red flags in React Native security libraries

5
Comments
2 min read
How to build a secure crypto wallet

How to build a secure crypto wallet

9
Comments 4
1 min read
Authentication bypass in cryptography library

Authentication bypass in cryptography library

5
Comments
3 min read
loading...