Love them or hate them, large language models (LLMs) are here to stay. After opening the Pandora’s Box of ChatGPT in late 2022, everyone from developers to grandmas began using the tool to get the answers they wanted – and fast. As with every other new technology, ChatGPT created a new set of security risks, […]
Imagine yourself standing in a local fair at night. The bright lights from the games beckon you, and you see your favorite game, the one you’re best at – Whack-A-Mole. You excitedly walk up to the booth, plunk down your few dollars, and get ready to whack a bunch of plastic, animatronic moles back into […]
Introduction: In the world of software development, managing dependencies is like keeping the gears of a well-oiled machine running smoothly. Get ready to dive deep into practical strategies and tools that streamline your development process, ensuring your projects are as efficient and error-free as possible. This is your guide to mastering dependency management, making every […]
There’s no doubt AI is a big part of our lives. Qwiet AI utilizes AI for vulnerability detection in code, my high schoolers have their papers checked to see if they were written by ChatGPT, and one of my IMDb credits is for a movie about AI taking over our lives. It’s a huge topic […]
Introduction: Content Security Policy (CSP) is pivotal in the vast web security landscape. Much like a dedicated sentinel, it serves as your web application’s first line of defense, ceaselessly monitoring for any anomalies or breaches. Its role is crucial: whenever CSP spots a violation, it raises the alarm, signaling a potential threat. These violations are […]
Introduction: OAuth 2.0, the authorization framework, is as ubiquitous as cat videos on the internet. But just like those seemingly innocent videos, OAuth 2.0 can hide some nasty surprises if not implemented correctly. As the digital landscape evolves, so do the challenges and threats developers face. Ensuring that our web applications are secure is not […]
Introduction: Error messages in web development can be likened to that friend who always spills the beans at the most inopportune times. They’re well-intentioned, aiming to help developers debug and users understand issues, but they can sometimes be too forthcoming. In the landscape of web applications, such transparency can be a grave security concern. As […]
Introduction: Server-Side Template Injection (SSTI) is the digital equivalent of a wolf in sheep’s clothing. It sneaks into your server, disguised as innocent user input, and wreaks havoc. But don’t worry, we’ve got the playbook to outwit this cunning adversary. So, let’s dive into the fascinating world of SSTI, understand its mechanics, and learn how to […]
TL;DR: Today, we present the results of evaluating Qwiet AI’s static analysis pipeline on the OWASP benchmark, where we achieve a true positive rate of 100% at 25% false positives. With a resulting Youden Index of 75%, this makes our analysis the best in class, beating the commercial average by 45%, and being the only […]
Introduction: Directory Traversal Attacks: they’re like the pickpockets of the web, sneaking around your server’s file system, looking for something valuable to snatch. But don’t worry; we’ve got the tools and techniques to catch these digital thieves red-handed. So, let’s get into the nitty-gritty of securing your file handling operations and making your server a […]
You likely know the old saying about “those of us who assume” and what it does to people. Although you typically use this phrase when discussing person-to-person interactions, you can also apply it to application programming. Applications are complex because they often run multiple tasks in a short time. On the other hand, they’re unintelligent […]
It started as a well-intentioned plan to help businesses access real-time tracking data to provide better service to their customers. The “Informed Visibility System” by the USPS started off with great intentions, but unfortunately rolled out the red carpet for cybercriminals, exposing sensitive data on 60 million users. The business team found a need and […]
© 2024 Qwiet. All rights reserved.