Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award
The latest executive order on cybersecurity issued today, Jan 16 2024, covers a lot of ground across multiple cybersecurity domains, from software security to post-quantum cryptography. The White House is sending a clear message to both the public and private sectors that the threats from foreign adversaries are more dire than ever. It comes at […]
Imagine an application that doesn’t contain any data. You most likely read that sentence and thought, “Then that application is pretty pointless from a business perspective.” Business applications offer value precisely because users can ask questions and get answers. However, the application typically needs to query a database to get those answers and SQL is […]
While Bugs Bunny and company may be part of your favorite childhood memories, the Looney Tunables vulnerability could become one of your worst nightmares. CVE-2023-4911 remains under analysis but comes with a base Common Vulnerability Scoring System (CVSS) score of 7.8 (high). Primarily impacting Fedora, Ubuntu, and Debian, the easily exploitable buffer overflow vulnerability gives […]
As a developer, you know that the first rule of secure code club is to use trusted third-party repositories. However, threat actors engaging in software supply chain attacks target the trusted sources precisely because they know that developers are likely to use them. For example, in a recent blog post, a security researcher explained how […]
Software and application development has changed significantly with the introduction of cloud-based services. Historically, developers wrote code on local desktops or laptops, meaning attackers needed to compromise the physical device. Further, this limited malicious actors’ ability to compromise the entire source code because no single developer had it stored on their device in its entirety. […]
CORS: Four simple letters that carry immense weight in web security. As the digital landscape expands, the bridges that allow our applications to communicate become crucial. CORS is that bridge. The unsung hero ensures seamless interactions, but a slight misstep can lead to vulnerabilities. Let’s journey to understand CORS better and ensure our web […]
As telemedicine, AI diagnostics, and patient-centric apps gain traction, the role of secure and compliant application development is more crucial than ever. Leaders must now navigate this dual arena of rapid tech advancements and stringent data protection requirements in a field that is seeing a steady increase in cyberattacks and data breaches. What is the primary […]
“It was a dark and stormy night…” While this introduction works for spooky stories, no developer wants their app to become nightmare fuel. While you might be able to grab a flashlight to comfort yourself around a campfire, you don’t have the same protection when you’re working on an application. Increasingly, developers use third-party code […]
Containers are your continuous integration and deployment (CI/CD) workhorse. Your software development processes could exist without them, but the question becomes, “Do you really want to though?” Typically, the answer to that question is “no.” Simultaneously, as you shift security left, your DevOps processes increasingly transform into DevSecOps, adding new responsibilities. Your container runtime is […]
Let’s dive into the fascinating world of web security, specifically discussing a notorious threat – clickjacking. Imagine a user clicking on a button thinking they like a photo but instead transferring money from their bank account. Scary, right? That’s clickjacking for you. This threat not only compromises user trust but can also deal a […]