The Qwiet Blog

Key Takeaways False negatives pose a significant hidden risk by allowing real vulnerabilities to slip through security scans undetected, leaving systems exposed without raising alerts. Technical limitations, changing environments, and tool trade-offs are the main reasons false negatives persist, even after decades of AppSec progress. Reducing false negatives requires a comprehensive and layered strategy that […]

Did you miss the first post? Check out: AppSec House of Cards: Legacy Scanners vs. Agentic Workflows Modern applications aren’t monoliths. They’re sprawling, service-based systems built in multiple languages and stitched with queues, APIs, and serialization layers. In this environment, user input doesn’t just move it migrates across boundaries. The Business Risk: When One Missed […]

Recent breaches at GitLab and GitHub and new research into AI-driven coding expose a troubling pattern in software security: developers have built unified pipelines of tightly integrated tools. While these boost efficiency, they introduce new risks if attackers breach the platform: GitLab disclosed an actively exploited vulnerability tied to how CI/CD job tokens were handled […]

Introduction In software development, transitioning to a microservices architecture is like breaking a big structure into smaller, more connected units. This change lets you scale and be flexible but also brings security challenges. This article looks at how to secure a microservices architecture. It focuses on strategies to isolate and protect each service. Security Risks […]

Back in 1893, the Lizzie Borden murders, where the Massachusetts woman was accused of killing both her parents with an ax, captivated the public and news media. Eventually found not guilty, one fundamental question perplexed police officers and the jury. Every door inside the Borden house had its own lock and corresponding key, an attempt […]

Introduction Within the cascading bytes and bits of digital communications, developers forge pathways of data, threading information through the vast expanse of the internet. However, threats lurking within these pathways seek to intercept, manipulate, and exploit this data. This article ventures into HTTPS and Strict Transport Security (HSTS), offering developers a guide to comprehend, implement, […]

Introduction GraphQL: A powerful querying language that allows developers to ask for exactly what they need, nothing more, nothing less. While it’s renowned for its efficiency and flexibility, it’s crucial to acknowledge the associated security implications. It’s like the double-edged sword that, if not handled with caution, can lead to potential vulnerabilities. Let’s explore the […]

Introduction Caching is often likened to a magician’s sleight of hand, making web applications run seamlessly and swiftly. But as with any magic trick, it can lead to unintended consequences if not executed precisely. In the vast world of web development, understanding cache control is important. It bridges performance and security, ensuring your application remains […]

Introduction CORS: Four simple letters that carry immense weight in web security. As the digital landscape expands, the bridges that allow our applications to communicate become crucial. CORS is that bridge. The unsung hero ensures seamless interactions, but a slight misstep can lead to vulnerabilities. Let’s journey to understand CORS better and ensure our web […]