Secure coding

Secure Coding category emphasizes writing robust, secure software. Delve into best practices, vulnerabilities, and techniques ensuring safer applications and systems.

Input processing vulnerabilities

Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe… Read more

Spring4Shell as a class injection example

Two serious vulnerabilities leading to remote code execution (RCE) have been found in the popular Spring framework, one in Spring… Read more

JNDI injection

Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and… Read more

JNDI injection. Log4Shell case study

On December 10, 2021, Apache released a fix for CVE-2021-44228, a critical RCE vulnerability affecting Log4j that is being exploited… Read more

JNDI injection. JDBC

Preventing JNDI injection vulnerabilities by using a source code review is always a good idea. Read more

Secure secrets management in Docker containers. Part 1

Secure secrets management in Docker containers from the offensive point of view. With examples and demo scripts. Read more

Secure secrets management in Docker containers. Part 2

Secure secrets management in Docker containers from the offensive point of view. Secrets in memory. Secrets in build arguments Read more

Bash/zsh scripts. Part 3

Secure secrets management in Docker containers from the offensive point of view. Secrets in bash/zsh scripts. Secrets in logs. Read more

Git secret leaks

Secure secrets management in git from the offensive point of view. With examples and demo scripts. Read more

Obtain secrets from different sources

Obtain secrets from storage buckets, static landing pages and other static content with examples Read more

Avoiding injection vulnerabilities

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to… Read more

Avoiding XSS injection vulnerabilities

In this section, we'll describe some general principles for preventing cross-site scripting vulnerabilities and ways of using various common technologies Read more