The Qwiet blog

Node Package Manager (NPM) is the default package manager for JavaScript that makes it easier for developers to install, update, and manage web project dependencies. In July 2023, GitHub released a security alert about a social engineering campaign targeting personal accounts. On August 15, 2023, The Hacker News reported that North Korean threat actors appeared […]

Introduction Today, we delve deep into a commonly perplexing topic in web security: Mixed Content Warnings. Through this article, we aim to shed light on these warnings, their implications, and how their resolution can significantly enhance the safety of your web applications. Understanding Mixed Content In the online world, “Mixed Content” is a term that […]

Every day, another zero-day, previously unknown vulnerability seems to hit the news cycle. As a developer, staying up-to-date with the newest vulnerability is challenging, but they’re only the tip of the vulnerability iceberg. As soon as researchers publish their zero-day vulnerability, the issue transforms into a known vulnerability. Now, security teams and attackers race against […]

Introduction Open Redirection Attacks are more than just another item on the list of possible web application vulnerabilities; they are a grave security threat that can lead to devastating consequences. Understanding and mitigating these vulnerabilities is an essential skill for any web developer or security professional. In the following sections, we will dissect open redirection […]

On July 27, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a joint advisory with the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and U.S. National Security Agency (NSA). “Preventing Web Application Control Abuse” (the Advisory) provides recommendations for designers and developers to help protect against insecure direct object reference (IDOR) vulnerabilities.  If […]

Remote code execution (RCE) has been a part of many cybersecurity news headlines throughout the past few years. When attackers exploit an RCE vulnerability, they can gain complete control over the target machines or systems, almost like an invisible hand puppeteering the technologies.  As a developer, you should know how to identify and remediate a […]

Always be yourself. Unless you can become Batman, then be Batman. Although this meme-based life philosophy is funny, it hints at a truth you may have started discovering recently. In a digitally transformed business world, threat actors treat the web application vulnerability landscape like a digital Gotham. To perpetrate their criminal activities, malicious actors focus […]

I’m sure we’re all familiar with the idea made popular by Malcolm Gladwell’s book Outliers that it takes 10,000 hours to truly master something.  Based on the paper “The Role of Deliberate Practice in the Acquisition of Expert Performance“, the research data indicates that people who are experts in a field got to that level […]

With containers, you can build, deploy, scale, and integrate your applications without interruption. From the developer’s perspective, you get the efficiency and flexibility necessary for building an application that can be deployed to any operating system. From your security team’s perspective, you might be compromising the application’s security. You can think of it like storing […]