Meet Qwiet AI at Black Hat 2025! Schedule an executive meeting or join our Topgolf event on August 6.
Key Takeaways Claiming that AI alone is not sufficient proof is one thing; real value comes from demonstrating how AI actually functions, not merely stating that it exists. AI-washing erodes trust. Vague claims or superficial integrations damage credibility across the AppSec space. Agentic, transparent systems win. Teams should look for tools that integrate AI deeply, […]
READ MORE
Introduction Server-side template Injection (SSTI), the digital equivalent of a wolf in sheep’s clothing. It sneaks into your server, disguised as innocent user input, and wreaks havoc. But don’t worry, we’ve got the playbook to outwit this cunning adversary. So, let’s dive into the fascinating world of SSTI, understand its mechanics, and learn how to […]
Tl;dr; Today, we present the results of evaluating Qwiet AI’s static analysis pipeline on the OWASP benchmark, where we achieve a true positive rate of 100% at 25% false positives. With a resulting Youden Index of 75%, this makes our analysis the best in class, beating the commercial average by 45%, and being the only […]
Introduction Directory Traversal Attacks: they’re like the pickpockets of the web, sneaking around your server’s file system, looking for something valuable to snatch. But don’t worry; we’ve got the tools and techniques to catch these digital thieves red-handed. So, let’s get into the nitty-gritty of securing your file handling operations and making your server a […]
You likely know the old saying about “those of us who assume” and what it does to people. Although you typically use this phrase when discussing person-to-person interactions, you can also apply it to application programming. Applications are complex because they often run multiple tasks in a short time. On the other hand, they’re unintelligent […]
It started as a well-intentioned plan to help businesses access real-time tracking data to provide better service to their customers. The “Informed Visibility System” by the USPS started off with great intentions, but unfortunately rolled out the red carpet for cyberciminals, exposing sensitive data on 60 million users. The business team found a need and […]
Introduction SQL Injection: It’s like the pesky mosquito of web security, always buzzing around, looking for a way to suck the life out of your database. But don’t break out the bug spray just yet; we’ve got two powerful tools to swat this bug: Parameterized Queries and Stored Procedures. So, let’s roll up our sleeves […]
Imagine an application that doesn’t contain any data. You most likely read that sentence and thought, “Then that application is pretty pointless from a business perspective.” Business applications offer value precisely because users can ask questions and get answers. However, the application typically needs to query a database to get those answers and SQL is […]
While Bugs Bunny and company may be part of your favorite childhood memories, the Looney Tunables vulnerability could become one of your worst nightmares. CVE-2023-4911 remains under analysis but comes with a base Common Vulnerability Scoring System (CVSS) score of 7.8 (high). Primarily impacting Fedora, Ubuntu, and Debian, the easily exploitable buffer overflow vulnerability gives […]
As a developer, you know that the first rule of secure code club is to use trusted third-party repositories. However, threat actors engaging in software supply chain attacks target the trusted sources precisely because they know that developers are likely to use them. For example, in a recent blog post, a security researcher explained how […]
