The Qwiet Blog

Security engineers know that some critical vulnerabilities don’t appear in simple scans. They cross language boundaries, involve dynamic behavior, or emerge from patterns that don’t exist in any public rule set. Traditional SAST tools, especially those built on static rules or syntax matching, weren’t designed to catch these risks. Graph-based analysis changes that. It enables […]

Recent breaches at GitLab and GitHub and new research into AI-driven coding expose a troubling pattern in software security: developers have built unified pipelines of tightly integrated tools. While these boost efficiency, they introduce new risks if attackers breach the platform: GitLab disclosed an actively exploited vulnerability tied to how CI/CD job tokens were handled […]

Help me CPG, you’re our only hope! The fundamental challenge in software security today isn’t just finding vulnerabilities, it is the inherently fragmented understanding of complex systems. When we examine why critical vulnerabilities persist despite sophisticated expertise and tooling, we often find they exist in the connections and interactions that traditional approaches are simply blind […]

Back in 1893, the Lizzie Borden murders, where the Massachusetts woman was accused of killing both her parents with an ax, captivated the public and news media. Eventually found not guilty, one fundamental question perplexed police officers and the jury. Every door inside the Borden house had its own lock and corresponding key, an attempt […]

Whether it’s school or car loans, you know that paying off your debt makes your life easier. It can improve your credit score, giving you more financial security. As a developer, you may also suffer from technical debt that impacts your application’s security. In a world where time to delivery is critical, you may make […]

Introduction Within the cascading bytes and bits of digital communications, developers forge pathways of data, threading information through the vast expanse of the internet. However, threats lurking within these pathways seek to intercept, manipulate, and exploit this data. This article ventures into HTTPS and Strict Transport Security (HSTS), offering developers a guide to comprehend, implement, […]

Another year, another Apache Struts 2 vulnerability that can lead to a major data breach. You may remember Apache Struts 2 from previous security alerts, like CVE-2017-5638, CVE-2020-17530, and CVE-2021-31805. When threat actors can find a vulnerability in the open-source web application framework, they immediately seek to create exploits. Typically, developers use the model-view-control (MVC) […]

Introduction Diving into the depths of application development often reveals the lurking dangers of sensitive information exposure. Secure management of environment variables, often used to store secrets like API keys and credentials, becomes a pivotal practice in navigating these treacherous waters. In this deep dive, we will explore the intricacies, best practices, and common pitfalls […]

Introduction GraphQL: A powerful querying language that allows developers to ask for exactly what they need, nothing more, nothing less. While it’s renowned for its efficiency and flexibility, it’s crucial to acknowledge the associated security implications. It’s like the double-edged sword that, if not handled with caution, can lead to potential vulnerabilities. Let’s explore the […]