The Qwiet blog

Remote code execution (RCE) has been a part of many cybersecurity news headlines throughout the past few years. When attackers exploit an RCE vulnerability, they can gain complete control over the target machines or systems, almost like an invisible hand puppeteering the technologies.  As a developer, you should know how to identify and remediate a […]

Always be yourself. Unless you can become Batman, then be Batman. Although this meme-based life philosophy is funny, it hints at a truth you may have started discovering recently. In a digitally transformed business world, threat actors treat the web application vulnerability landscape like a digital Gotham. To perpetrate their criminal activities, malicious actors focus […]

I’m sure we’re all familiar with the idea made popular by Malcolm Gladwell’s book Outliers that it takes 10,000 hours to truly master something.  Based on the paper “The Role of Deliberate Practice in the Acquisition of Expert Performance“, the research data indicates that people who are experts in a field got to that level […]

With containers, you can build, deploy, scale, and integrate your applications without interruption. From the developer’s perspective, you get the efficiency and flexibility necessary for building an application that can be deployed to any operating system. From your security team’s perspective, you might be compromising the application’s security. You can think of it like storing […]

We all do it. When we are recalling a story or something that happened in our lives, we fill in the “fuzzy” areas with what we believe to be the truth. It’s human nature to embellish somewhat or simply fill in the blanks with what could be facts based on our recollection, but often are […]

For a lot of programmers, Python is their “love language.” Easy to learn and use, Python is perfect for building cutting-edge machine learning and cloud computing projects. Unfortunately, knowing that programmers love Python, malicious actors have started targeting the Python Package Index (PyPI) as part of supply chain attacks.  As researchers identify more malicious Python […]

Shipping your software – and doing it on time – may be your first priority as a developer. However, as your company shifts security left, you need to build it into your processes while still meeting estimated timelines. Now you need to manage cross-functional communications and respond to seemingly competing priorities. You’re trying to debug […]

Shortcomings of static program analysis in practice Creating programs that analyze other programs is a fascinating idea in itself. It hurts me to say that static code analysis has a remarkably bad reputation among practitioners. If you have performed security assessments and used these tools, you may agree that pinpointing the concrete shortcomings of these […]

According to the 1980’s cartoon G.I. Joe, “knowing is half the battle.” Unfortunately, threat actors often have more information than their targets, which is why they’re so successful. For developers and AppSec teams, having information about threat actor tactics, techniques, and procedures (TTPs) helps even the digital battlefield.  Threat intelligence feeds provide data about malicious […]