application security
Explaining one of the most common web API vulnerability classes - Broken Authentication in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.
A review of DefectDojo Pro — a paid version of a well-known vulnerability management solution: Does DefectDojo Pro address all the pain points of DefectDojo OWASP Edition?
Presenting capabilities of DefectDojo in context of Vulnerability Management for DevSecOps and traditional application security engineers.
In this article, I’m presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System.
Explaining one of the most common web API vulnerability classes - Broken Object Level Authorization in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.
Introduction to a security code challenge dedicated to developers and ethical hackers. This challenge focuses on identifying and fixing web API security vulnerabilities in a Python FastAPI-based restaurant API.
At the beginning of 2023 Google released an open-source Software Composition Analysis tool — osv-scanner. In this article I'm presenting how it can be configured and utilised using popular open-source projects as examples.
Does DevSecOps Engineer need programming skills? What is the value of utilising Python for security purposes? What you need to learn to automate security at scale? This article will answer these questions.
This article presents mechanisms and ideas for detecting malicious applications installed on Android devices that abuse the AccessibilityService feature. It focuses on identifying these applications from the perspective of legitimate apps.
This article covers automated SBOM projects tracking with Dependency-Track. It presents how SBOM can be uploaded to Dependency-Track via API.
Software Engineer and Security Researcher, writing about application security in SDLC and DevSecOps 🔐
