The Qwiet blog

Introduction GraphQL: A powerful querying language that allows developers to ask for exactly what they need, nothing more, nothing less. While it’s renowned for its efficiency and flexibility, it’s crucial to acknowledge the associated security implications. It’s like the double-edged sword that, if not handled with caution, can lead to potential vulnerabilities. Let’s explore the […]

Introduction Caching is often likened to a magician’s sleight of hand, making web applications run seamlessly and swiftly. But as with any magic trick, it can lead to unintended consequences if not executed precisely. In the vast world of web development, understanding cache control is important. It bridges performance and security, ensuring your application remains […]

There’s no doubt AI is a big part of our lives.  Qwiet AI utilizes AI for vulnerability detection in code, my high schoolers have their papers checked to see if they were written by ChatGPT, and one of my IMDb credits is for a movie about AI taking over our lives.   It’s a huge topic […]

Introduction Content Security Policy (CSP) is pivotal in the vast web security landscape. Much like a dedicated sentinel, it serves as your web application’s first line of defense, ceaselessly monitoring for any anomalies or breaches. Its role is crucial: whenever CSP spots a violation, it raises the alarm, signaling a potential threat. These violations are […]

Introduction OAuth 2.0, the authorization framework, is as ubiquitous as cat videos on the internet. But just like those seemingly innocent videos, OAuth 2.0 can hide some nasty surprises if not implemented correctly. As the digital landscape evolves, so do the challenges and threats developers face. Ensuring that our web applications are secure is not […]

Introduction Error messages in web development can be likened to that friend who always spills the beans at the most inopportune times. They’re well-intentioned, aiming to help developers debug and users understand issues, but they can sometimes be too forthcoming. In the landscape of web applications, such transparency can be a grave security concern. As […]

Introduction Server-side template Injection (SSTI), the digital equivalent of a wolf in sheep’s clothing. It sneaks into your server, disguised as innocent user input, and wreaks havoc. But don’t worry, we’ve got the playbook to outwit this cunning adversary. So, let’s dive into the fascinating world of SSTI, understand its mechanics, and learn how to […]

Tl;dr; Today, we present the results of evaluating Qwiet AI’s static analysis pipeline on the OWASP benchmark, where we achieve a true positive rate of 100% at 25% false positives. With a resulting Youden Index of 75%, this makes our analysis the best in class, beating the commercial average by 45%, and being the only […]

Introduction Directory Traversal Attacks: they’re like the pickpockets of the web, sneaking around your server’s file system, looking for something valuable to snatch. But don’t worry; we’ve got the tools and techniques to catch these digital thieves red-handed. So, let’s get into the nitty-gritty of securing your file handling operations and making your server a […]