Intro Hi!I hope you were not affected by the recent faulty update from CrowdStrike. If you were, I hope you were able to quickly react and restore your critical systems to an operational state. In this edition, I’ve included a few hot topics. Aside from the CrowdStrike BSOD, you will…
This article is a part of Web API Security Champion series focused on API security vulnerabilities presented in a practical manner. Broken Function Level Authorization Description Broken Function Level Authorization is an API vulnerability that occurs when an application fails to enforce appropriate authorization checks for users attempting to access specific functionalities…
Intro Hi!The last few days have been full of news and articles about the RegreSSHion vulnerability, which affects hundreds of thousands of OpenSSH services. In this newsletter, you can find an article summarizing the vulnerability along with recommended remedial actions. If you’re working in Application Security field, I recommend taking the OWASP Top 10 Quiz to…
Intro Hi!The weekend is coming and I have a couple of articles worth to read. In the articles you will find Mandiant research on recent attacks targeting Snowflake instances which is great for both technical and less technical readers, it may help you to understand recent breaches at Santander and Ticketmaster. If you’re building…
Presenting an Unrestricted Resource Consumption vulnerability class using a password reset feature as an example.
Intro Hi!In this DevSec Selection episode, you will find some recent CVE proof of concepts, affecting GitLab and PHP, a guide to a Nuclei DAST. Also, at the end I added articles about recent breaches at Santander and Hugging Face, plus an article about serious security concerns of Microsoft Recall feature released recently. Also, in…
Broken Object Property Level presented in a practical way with methods for identifying and preventing vulnerabilities based on OWASP.
Intro Hi!I will start this edition with the following quote: “In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%).” ~Nicole Choi (GitHub) In the newsletter you will find how Canva implemented Endpoint Vulnerability Management at scale, ideas for enhancing SAST…
Intro Hi!In this edition of DevSec Selection, I explore key topics in application and infrastructure security. We delve into the broken authentication security vulnerabilities. Next, an article compares EPSS with CVSS, offering a formula to prioritize vulnerability remediation at scale. I also included an article about less known Dependency Confusion supply chain attack where author…
Explaining one of the most common web API vulnerability classes - Broken Authentication in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.
Software Engineer and Security Researcher, writing about application security in SDLC and DevSecOps 🔐
