Microsoft’s Project OneFuzz Framework with Azure: Overview and concerns
In September 2020, the Microsoft Security Team announced that Microsoft’s new open-source fuzzing platform, Project OneFuzz, was available as an open-source...
Application security
Software maturity models for AppSec initiatives
Software is on the front lines of security: a 2019 report from GitLab found that almost half of respondents deploy software on-demand or multiple times per...
Best free and open source SQL injection tools [updated 2021]
SQL injection is one of the most common attacks against web applications. This is used against websites which use SQL to query data from the database server....
Pysa 101: Overview of Facebook’s open-source Python code analysis tool
Pyre is a performance type-checker created by Facebook for the Python programming language. It is designed to rapidly identify type errors within Python applications.
The...
Improving web application security with purple teams
The cybersecurity industry - and especially the area of security assessments - is very fond of color-based terms. Organizations can undergo whitebox or...
Open-source application security flaws: What you should know and how to spot them
Open-source software helped to revolutionize the way that applications are built by professionals and enthusiasts alike. Being able to borrow a non-proprietary...
Android app security: Over 12,000 popular Android apps contain undocumented backdoors
When many people think about malware and other malicious or suspicious software, they focus on computers. It is common best practice to have an antivirus program...
13 common web app vulnerabilities not included in the OWASP Top 10
The OWASP Top 10, a widely referenced document that lists the key threats to modern web applications, hasn’t changed much in the past few years. Broken access...
Fuzzing, security testing and tips for a career in AppSec
In this episode of Infosec’s Cyber Work Podcast, host Chris Sienko welcomes back previous guest Dr. Jared DeMott. In the previous episode, the topic was all...
Are apps stealing company secrets? Smart device privacy concerns for businesses
Privacy often feels like it is something that can be bought, sold and/or simply ignored. So many people use the old and worn argument: “If you have nothing...