Secure coding
The Secure Coding category emphasizes writing robust, secure software. Delve into best practices, vulnerabilities, and techniques that ensure safer applications and systems.
Obtain secrets from storage buckets, static landing pages and other static content with examples

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to…

In this section, we'll describe some general principles for preventing cross-site scripting vulnerabilities and ways of using various common technologies

Every command call and dynamic code generation method is a ticking bomb and must be handled accordingly.

The best way to prevent server-side template injection is to not allow any users to modify or submit new templates.

Secure coding practices prescribe that spring expressions using dynamic values should be avoided.

Insecure deserialization is when user-controllable data is deserialised by a website. This potentially enables an attacker to manipulate serialised objects…

Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe…

Two serious vulnerabilities leading to remote code execution (RCE) have been found in the popular Spring framework, one in Spring…

Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and…

On December 10, 2021, Apache released a fix for CVE-2021-44228, a critical RCE vulnerability affecting Log4j that is being exploited…

Preventing JNDI injection vulnerabilities by using a source code review is always a good idea.