Intro Hi!I will start this edition with the following quote: “In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%).” ~Nicole Choi (GitHub) In the newsletter you will find how Canva implemented Endpoint Vulnerability Management at scale, ideas for enhancing SAST…
Intro Hi!In this edition of DevSec Selection, I explore key topics in application and infrastructure security. We delve into the broken authentication security vulnerabilities. Next, an article compares EPSS with CVSS, offering a formula to prioritize vulnerability remediation at scale. I also included an article about less known Dependency Confusion supply chain attack where author…
Explaining one of the most common web API vulnerability classes - Broken Authentication in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.
A review of DefectDojo Pro — a paid version of a well-known vulnerability management solution: Does DefectDojo Pro address all the pain points of DefectDojo OWASP Edition?
Presenting capabilities of DefectDojo in context of Vulnerability Management for DevSecOps and traditional application security engineers.
In this article, I’m presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System.
Intro Hi!In this edition of my newsletter, I delve into the critical topic of API security with a special focus on Broken Object Level Authorization (BOLA), ranked as the number one threat in the OWASP TOP 10 API Security Risks. The article is presenting Damn Vulnerable RESTaurant as an example of such vulnerability. Furthermore,…
Explaining one of the most common web API vulnerability classes - Broken Object Level Authorization in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.
Intro Hi!Most of the news from last week was related to the XZ backdoor, so I selected the two most interesting articles on this topic. The first article presents a less technical debate about the problem of backdoors in open-source software, written by lcamtuf. The other article is highly technical and describes…
Introduction to a security code challenge dedicated to developers and ethical hackers. This challenge focuses on identifying and fixing web API security vulnerabilities in a Python FastAPI-based restaurant API.
Software Engineer and Security Researcher, writing about application security in SDLC and DevSecOps 🔐
