cybersecurity

The boundary between websites, web applications, web services, APIs, and mobile applications is becoming increasingly blurred. Web technologies have become the default choice for software development, with frontends communicating with backends via APIs in complex distributed architectures and deployment models. As the lines between different types of applications blur, it becomes crucial to have reliable […]

Getting lost in cybersecurity jargon, AppSec acronyms, and vendor claims? Here’s your guide to what two of the major application security testing technologies can and cannot do—and why you should be worrying more about getting the big picture of your application security risks and less about deciding between acronyms. What is DAST and what is

Application security is a critical component of modern cybersecurity, safeguarding applications from threats that can compromise data integrity, user privacy, and system stability. Organizations that fail to implement robust security measures expose themselves to cyberattacks, data breaches, and compliance violations.To build a strong security foundation, application security relies on three essential pillars: secure software development,

We all sometimes work with incomplete information and get by quite well. In fact, having the full picture is rarely required in day-to-day life. It only becomes important when dealing with problems that require extensive knowledge about the subject to get everything exactly right, especially in areas where you can’t immediately check if what you’re

The full top 25 list is a bit daunting and the assigned scores don’t change all that much once you get past the top offenders, so let’s start with just the top 10 to see what really matters: Top 10 CWEs for 2024 #1: Cross-site scripting (XSS, officially Improper Neutralization of Input During Web Page

Introducing brainstorm Brainstorm is a web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery. It combines traditional web fuzzing techniques (as implemented in ffuf) with AI-powered path generation to discover hidden endpoints, files, and directories in web applications. Brainstorm usually finds more endpoints with fewer requests. The tool

It’s nearly 2025, yet SQL injection still ranks as the #3 most dangerous application security weakness. Despite tech industry hype suggesting that SQL databases are on their way out and it’s only a matter of time before they’re all replaced by NoSQL, GraphQL, or some other QL, SQL injections continue to feature in data breaches

The underlying vulnerability: Unsafe initialization vectors in TLS 1.0 The vulnerability in version 1.0 of the TLS (Transport Layer Security) protocol that was later exploited in the BEAST attack had been known since 2002 and fixed in the TLS 1.1 specification from 2006. It was considered impractical to exploit, as it required a huge number

Diffusion models Diffusion models are generative artificial intelligence models that produce unique photorealistic images from text prompts. A diffusion model creates images by slowly turning random noise into a clear picture. It starts with just noise and, step by step, removes bits of it, slowly shaping the random patterns into a recognizable image. This process

Intro to NotebookLM One of the tools that I found recently and I keep using more and more each day is NotebookLM from Google Labs. NotebookLM is a great tool for learning new topics, researching large amounts of data, summarizing data. The data is organized into notebooks, each notebook can contain multiple sources of data.You