Love them or hate them, large language models (LLM) are here to stay. After opening the Pandora’s Box of ChatGPT in late 2022, everyone from developers to grandmas began using the tool to get the answers they wanted – and fast. As with every other new technology, ChatGPT created a new set of security risks, […]
READ MOREImagine yourself standing in a local fair at night. The bright lights from the games beckon you, and you see your favorite game, the one you’re best at – Whack-A-Mole. You excitedly walk up to the booth, plunk down your few dollars, and get ready to whack a bunch of plastic, animatronic moles back into […]
Introduction In the world of software development, managing dependencies is like keeping the gears of a well-oiled machine running smoothly. Get ready to dive deep into practical strategies and tools that streamline your development process, ensuring your projects are as efficient and error-free as possible. This is your guide to mastering dependency management, making every […]
Introduction In software development, transitioning to a microservices architecture is like breaking a big structure into smaller, more connected units. This change lets you scale and be flexible but also brings security challenges. This article looks at how to secure a microservices architecture. It focuses on strategies to isolate and protect each service. Security Risks […]
Back in 1893, the Lizzie Borden murders, where the Massachusetts woman was accused of killing both her parents with an ax, captivated the public and news media. Eventually found not guilty, one fundamental question perplexed police officers and the jury. Every door inside the Borden house had its own lock and corresponding key, an attempt […]
Introduction Within the cascading bytes and bits of digital communications, developers forge pathways of data, threading information through the vast expanse of the internet. However, threats lurking within these pathways seek to intercept, manipulate, and exploit this data. This article ventures into HTTPS and Strict Transport Security (HSTS), offering developers a guide to comprehend, implement, […]
Introduction GraphQL: A powerful querying language that allows developers to ask for exactly what they need, nothing more, nothing less. While it’s renowned for its efficiency and flexibility, it’s crucial to acknowledge the associated security implications. It’s like the double-edged sword that, if not handled with caution, can lead to potential vulnerabilities. Let’s explore the […]
Introduction Caching is often likened to a magician’s sleight of hand, making web applications run seamlessly and swiftly. But as with any magic trick, it can lead to unintended consequences if not executed precisely. In the vast world of web development, understanding cache control is important. It bridges performance and security, ensuring your application remains […]
Introduction CORS: Four simple letters that carry immense weight in web security. As the digital landscape expands, the bridges that allow our applications to communicate become crucial. CORS is that bridge. The unsung hero ensures seamless interactions, but a slight misstep can lead to vulnerabilities. Let’s journey to understand CORS better and ensure our web […]
“It was a dark and stormy night…” While this introduction works for spooky stories, no developer wants their app to become nightmare fuel. While you might be able to grab a flashlight to comfort yourself around a campfire, you don’t have the same protection when you’re working on an application. Increasingly, developers use third-party code […]
Introduction Let’s dive into the fascinating world of web security, specifically discussing a notorious threat – clickjacking. Imagine a user clicking on a button thinking they like a photo but instead transferring money from their bank account. Scary, right? That’s clickjacking for you. This threat not only compromises user trust but can also deal a […]
As the neverending stream of publications implementing Executive Order (EO) 14028 continue to drop, the National Institute of Standards and Technology (NIST) continues to provide additional guidance. At the end of August 2023, NIST released its most recent draft Special Publication (SP) 800-204D “Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD […]
© 2024 Qwiet. All rights reserved.