Welcome, fellow developers! In this blog post, we are going to delve deep into the world of application security, specifically focusing on a vulnerability that can deteriorate FastAPI security: Denial of service (DoS) caused by insecure regular expressions (regex).

SQL injection (SQLi) is one of the most severe security vulnerabilities in web applications. It occurs when an attacker is able to manipulate the SQL queries executed by an application by injecting malicious SQL code into user input fields. SQLi can lead to unauthorized access to sensitive data, data corruption, or even complete control over the database server.

In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC (Infrastructure as Code) and Composer (PHP package registry) ecosystems. Despite its power, Repo Jacking remains under-researched and frequently misunderstood.

If you’ve been searching for guides and tutorials on getting started with Deno web development in a cloud IDE such as GitHub Codespaces, you’ve come to the right place. In this post, we will be exploring the world of Deno, GitHub Codespaces, and Dev Containers, providing you with the knowledge you need to set up your development environment effectively and efficiently in the cloud.

Python static analysis, also known as "linting", is a crucial aspect of software development. It involves inspecting your Python code without running it to identify potential bugs, programming errors, stylistic issues, or non-adhering patterns to predefined coding standards. It also helps identify vulnerabilities early in the development process, reducing the chances of deploying insecure code into production.

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.

Amazon Web Services (AWS) Simple Storage Service (S3) has become a cornerstone in the world of cloud storage. It offers scalability, high availability, and performance, making it a go-to choice for businesses of all sizes. However, as with any cloud service, security is paramount. This is where the question of "how to secure an S3 bucket" comes into play. Securing your S3 buckets is not just about protecting your data from unauthorized access.

In today's increasingly digital world, where businesses rely heavily on technology for core operations, the European Union's Digital Operational Resilience Act (DORA) establishes a comprehensive framework to manage Information and Communication Technology (ICT) related risks and ensure business continuity for financial institutions and critical service providers.

A week before RSA 2024, Forrester predicted which subjects and themes would come to the forefront of the conference. They emphasized that we’d see a focus on proactive security, defined as “a strategic approach to controlling security posture and reducing breaches through strong visibility, prioritization, and remediation.” I went into the conference with this prediction in mind. However, I was surprised by what I found.