Generative AI Security: Insights from the OWASP Top 10 for LLM Applications

The Process of Vulnerability Scanning and the Functionality of Web Vulnerability Scanners

This article discusses vulnerability scanning tools relevant to securing modern web applications, so we’re not talking about network security scanners that find network vulnerabilities such as open ports or exposed operating system services. When pointed at a website or application, network scanners can only identify a handful of external application security issues like web server […]


Security in Software Development: The 7 Principles of Secure Design

Understanding Security by Design in Software Development

Security by design in software development is a proactive approach that integrates cybersecurity principles at every stage of the secure software development lifecycle (SDLC). It focuses on identifying potential vulnerabilities during the design phase and addressing them preemptively, rather than waiting to patch issues after deployment. This approach


Can DAST Be Used for Non-Web Applications as Well?

The boundary between websites, web applications, web services, APIs, and mobile applications is becoming increasingly blurred. Web technologies have become the default choice for software development, with frontends communicating with backends via APIs in complex distributed architectures and deployment models. As the lines between different types of applications blur, it becomes crucial to have reliable


Getting Down to Business with Static and Dynamic Application Security Testing

Getting lost in cybersecurity jargon, AppSec acronyms, and vendor claims? Here’s your guide to what two of the major application security testing technologies can and cannot do—and why you should be worrying more about getting the big picture of your application security risks and less about deciding between acronyms. What is DAST and what is


Building Software Securely: A Comprehensive Guide

Application security is a critical component of modern cybersecurity, safeguarding applications from threats that can compromise data integrity, user privacy, and system stability. Organizations that fail to implement robust security measures expose themselves to cyberattacks, data breaches, and compliance violations. To build a strong security foundation, application security relies on three essential pillars: secure software development,


The Importance of API Scanners in Ensuring API Security

Microservice architectures, public web services, system integrations, unified backends for web and mobile apps—all these things and more are made possible by APIs, or application programming interfaces. APIs are the backbone of modern web technologies but come with their own challenges and security risks, requiring as much (if not more) security testing as the user-facing

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

A Limited Understanding Poses Security Risks

We all sometimes work with incomplete information and get by quite well. In fact, having the full picture is rarely required in day-to-day life. It only becomes important when dealing with problems that require extensive knowledge about the subject to get everything exactly right, especially in areas where you can’t immediately check if what you’re

Brainstorm tool release: Optimizing web fuzzing with local LLMs

Improving Web Fuzzing Efficiency Using Local Language Model-based Methods

Introducing brainstorm

Brainstorm is a web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery. It combines traditional web fuzzing techniques (as implemented in ffuf) with AI-powered path generation to discover hidden endpoints, files, and directories in web applications. Brainstorm usually finds more endpoints with fewer requests. The tool
