How do you identify vulnerabilities in source code?

If you are an Application Security professional or student, you have probably come across this question: “How can I identify vulnerabilities in source code?”. Although it seems like a simple question, the answer can vary quite a bit, and sometimes one solution may seem more complete than another. Based on my experience in […]

Secure coding tips in C#

Did you know that C# is among the 4 most popular programming languages in the world, according to data from the Programming Language Index? If you are a C# developer, you are quite likely interested in improving your practices in this language, including with regard to application security, a topic that is increasingly […]

VMClarity: Virtual Machine Security – DEV Community

Challenge VMClarity Do you have virtual machines in your environment? Do you care about their security? Are you looking for a new open-source project to contribute to? Well then, today is your lucky day! Introducing VMClarity! Overview VMClarity is an open source tool for agentless detection and management of Virtual Machine […]

Creating my own GitHub Actions for the AppSec area

Hi everyone, how are you? 😊 Today I decided to bring up this topic, because in the AppSec/DevSecOps area it is very important to know other tools that can help with integration and security checks during the development phase of a piece of software. What is GitHub Actions? It lets you easily automate the whole process […]

Breaking and building encryption in NFC digital wallets 📳

NFC technology is now simply a part of everyday life. Someday, you may meet it as a developer building new firmware for an NFC device that serves as a digital wallet. Get ready for the security challenges when using NFC. Tap-and-go operations are used so broadly and the assembly of an NFC intercepting […]

How to scan your ruby or JS project for security improvements, for free.

Security tools are intimidating. They’re made for security teams that already know the jargon and the details like CWE identifiers. But what about developers? We have tools that check for vulnerable dependencies and tools that check for leaked secrets, but we’re missing easy, actionable advice on making our code more secure. Good news! There’s […]

Subscribe to a new newsletter for security-aware developers!

Hello, I’m Felix from Cossack Labs. You might know me as a mascot of these cool data security & cryptography guys. But time flies. Code is everywhere, and nummy bugs are everywhere too. So, meet me in a new role as a junior security researcher bringing you a 🐝-weekly newsletter […]

Encryption in ⛅ cloud native apps

Devs are often tempted to leave data security “as is” while building cloud native apps. With all the options cloud providers give, you can have an illusion of everything working securely by default. But… …In reality, the need for data security and app security doesn’t disappear automagically in a cloud and […]

2 free data security tools every dev should know (and use)

The goal behind encrypting sensitive data is to prevent leakage if the application or the database was attacked. Application level encryption (encrypt data before storing in the database, decrypt after reading) provides maximum security. 💡 To help developers integrate encryption easily and without hassle, we maintain a number of open-source data security tools […]