Meet us at Black Hat booth #4840 or schedule a 1:1 demo to see how Qwiet AI can accelerate your time to secure code
GitHub Copilot, the AI-powered coding assistant, has emerged as a game-changer in the software development landscape. By harnessing the power of generative AI, Copilot promises to accelerate coding tasks, boost developer productivity, and even democratize coding by making it more accessible to newcomers. However, as with any transformative technology, there are caveats. In Copilot’s case, […]
READ MOREIf you’ve ever had a toddler or a cat, you know they usually enjoy that box that an item comes in more than the item itself. In other words, you already know the first rule of business logic testing: the way people use applications isn’t logical. As a developer, you have a set idea about […]
Another year, another Apache Struts 2 vulnerability that can lead to a major data breach. You may remember Apache Struts 2 from previous security alerts, like CVE-2017-5638, CVE-2020-17530, and CVE-2021-31805. When threat actors can find a vulnerability in the open-source web application framework, they immediately seek to create exploits. Typically, developers use the model-view-control (MVC) […]
Introduction In the sprawling expanse of cyberspace, developers diligently weave intricate digital webs, fostering connectivity and enabling the digital experiences that have become integral to our daily lives. Amidst these strands, however, lurk potential threats, one of which stands out due to its silent yet potentially paralyzing impact: the Regular Expression Denial of Service (ReDoS) […]
When a developer hears the word “shell,” it doesn’t automatically evoke calming oceans waves and warm, luscious sand. More often, developers hear the word shell and their minds automatically transition to shell scripting. While shell script syntax may feel clunky by today’s modern coding standards, shell enables productivity and collaboration. On the other hand, many […]
Testing your application for business logic vulnerabilities is the digital version of a deep sea exploration. On the surface, you can identify various technical vulnerabilities, similar to how people snorkeling may come into contact with sandshark. However, the business logic vulnerabilities that hide within the application’s business logic are more difficult to detect and can […]
Safe exception handling is an indispensable ally for developers venturing into the depths of robust application development. A seamlessly functioning application enhances user experience and safeguards sensitive data during untoward incidents, such as errors and exceptions. Let’s unveil the stratagems to ace safe exception handling without spilling the informational beans to the outside world. Understanding […]
Who are you? Who? Who? If you’ve ever hummed that song to yourself when coding, then you already know the fundamental use case for the Lightweight Directory Access Protocol (LDAP). LDAP is the protocol that communicates access and authentication data across various technologies. As a vendor-neutral, open protocol, LDAP works with proprietary directory tools, like […]
Introduction HTTP Security Headers are akin to the guardians of web security, playing a pivotal role in safeguarding web applications against a myriad of threats. However, the path to implementing these headers is riddled with potential missteps. A minor misconfiguration can render them ineffective, exposing your application to exploits. This article will unravel developers’ typical […]
Introduction Race conditions linger as elusive threats in the domain of concurrent programming, creating a fertile ground for inconsistencies and unforeseen security vulnerabilities. These subtle programming bugs arise when multiple processes access shared resources simultaneously, leading to unpredictable and undesirable outcomes. This article will journey through the labyrinth of race conditions, exploring their implications on […]