The Qwiet blog
Your RSA 2025 Survival Guide: Real Talk, Intelligent AI, and Where Security Connects
RSA 2025 is almost here, and if you plan just to wing it, good luck. With a packed schedule and an overwhelming amount of vendor noise, this year’s conference will be full of AI hype, a key theme shaping the discussions and presentations. You’ll need a solid plan to cut through the clutter and get […]
READ MOREAll posts
Filter by
Addressing Security and Compliance Risk in the...
We review the different compliance standards that apply to the software development life cycle (SDLC) along with best practices for meeting them. It’s no surprise that developers are being asked to become security people. According to the 2021 Verizon Data Breach Investigation Report, basic web application attacks were the second most-used patterns found for breaches […]
API Security 101: Improper Assets Management
On March 21, the Biden administration directed US companies to "harden your cyber defenses immediately." With these new federal guidelines for application security, the White House urged software developers to deploy "modern tools that can detect known and potential vulnerabilities" in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
The Cybersecurity Executive Order: the first 120...
Improper Restriction of XML External Entity Reference When the Executive Order on Improving the Nation’s Cybersecurity (Executive Order) was released in May 2021, it came with some very short deadlines for agencies. Most of the Executive Order’s timelines were in the 45-, 60-, and 90-day range. With that in mind, taking a look at the […]
The first step to build a secure...
What every developer should do before they start writing code I talk a lot about finding and fixing vulnerabilities on my blog. But what can you do to prevent vulnerabilities way before they happen? Today, let’s talk about the first step you can take towards a more secure application. A lot of times we think […]
What is Stored XSS?
On March 21, the Biden administration directed US companies to "harden your cyber defenses immediately." With these new federal guidelines for application security, the White House urged software developers to deploy "modern tools that can detect known and potential vulnerabilities" in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
API Security 101: Injection
How SQL injection and command injection happen in APIs You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The current API top ten are Broken Object Level Authorization, […]
