DevSec Blog

DevSecOps, Application Security technical articles and learning materials from experienced security engineers

Broken Function Level Authorization — Web API Security Champion Part V

This article is a part of Web API Security Champion series focused on API security vulnerabilities presented in a practical manner. Broken Function Level Authorization Description Broken Function Level Authorization is an API vulnerability that occurs when an application fails to enforce appropriate authorization checks for users attempting to access specific functionalities…

DevSec Selection #11 – RegreSSHion, API Rate Limiting, OWASP Quiz

DevSec Selection Logo

Intro Hi!The last few days have been full of news and articles about the RegreSSHion vulnerability, which affects hundreds of thousands of OpenSSH services. In this newsletter, you can find an article summarizing the vulnerability along with recommended remedial actions. If you’re working in Application Security field, I recommend taking the OWASP Top 10 Quiz to…

DevSec Selection #8 – SAST with AI, Git RCE, Semgrep for K8s

DevSec Selection Logo

Intro Hi!I will start this edition with the following quote: “In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%).”     ~Nicole Choi (GitHub) In the newsletter you will find how Canva implemented Endpoint Vulnerability Management at scale, ideas for enhancing SAST…

DevSec Selection #7 – EPSS, Dependency Confusion, GitLab Security Notes

DevSec Selection Logo

Intro Hi!In this edition of DevSec Selection, I explore key topics in application and infrastructure security. We delve into the broken authentication security vulnerabilities. Next, an article compares EPSS with CVSS, offering a formula to prioritize vulnerability remediation at scale. I also included an article about less known Dependency Confusion supply chain attack where author…