The Qwiet blog

On August 22, 2023, security researchers at Symantec’s Threat Hunter Team identified a previously unknown advanced persistent threat (APT) group using Cobra DocGuard to deliver a backdoor to victim devices via the Korplug/PlugX malware. Carderbee used a known issue with Microsoft’s Windows Hardware Developer Program (MWHDP) to deploy the attack, one that Microsoft responded to […]

Introduction Every developer craves building applications that offer stellar functionalities. But equally, if not more, crucial is ensuring that these applications are built on a bedrock of security. Today, we’ll unravel one of the more notorious vulnerabilities plaguing the web – Cross-Site Scripting (XSS). In particular, we’ll dissect its most treacherous variant: the DOM-based XSS. […]

Introduction Decoding the Topic Every developer, at some point in their journey, is entrusted with the monumental task of ensuring data security, especially passwords. The weight of this responsibility cannot be emphasized enough. How we handle this task, choosing between hashing and encryption, can be the defining line between a rock-solid application and a security […]

Introduction When keeping information private and secure over the internet, SSL/TLS is essential. This sturdy structure protects data sent between clients and servers on the internet. In this essay, we will navigate the twisting roads of SSL/TLS, exposing its complexities and hazards and providing strategies for overcoming some of its most challenging obstacles. Overview of […]

Node Package Manager (NPM) is the default package manager for JavaScript that makes it easier for developers to install, update, and manage web project dependencies. In July 2023, GitHub released a security alert about a social engineering campaign targeting personal accounts. On August 15, 2023, The Hacker News reported that North Korean threat actors appeared […]

Introduction Today, we delve deep into a commonly perplexing topic in web security: Mixed Content Warnings. Through this article, we aim to shed light on these warnings, their implications, and how their resolution can significantly enhance the safety of your web applications. Understanding Mixed Content In the online world, “Mixed Content” is a term that […]

Every day, another zero-day, previously unknown vulnerability seems to hit the news cycle. As a developer, staying up-to-date with the newest vulnerability is challenging, but they’re only the tip of the vulnerability iceberg. As soon as researchers publish their zero-day vulnerability, the issue transforms into a known vulnerability. Now, security teams and attackers race against […]

Introduction Open Redirection Attacks are more than just another item on the list of possible web application vulnerabilities; they are a grave security threat that can lead to devastating consequences. Understanding and mitigating these vulnerabilities is an essential skill for any web developer or security professional. In the following sections, we will dissect open redirection […]

On July 27, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a joint advisory with the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and U.S. National Security Agency (NSA). “Preventing Web Application Control Abuse” (the Advisory) provides recommendations for designers and developers to help protect against insecure direct object reference (IDOR) vulnerabilities.  If […]