What CISA’s BOD 25-01 Means for API Security and How Wallarm Can Help
The US government has taken another significant step towards strengthening cloud security with the release of CISA’s Binding Operational Directive (BOD) 25-01. Aimed at improving…
There’s a popular idea going around right now about renaming “prompt engineering” to “context engineering.” The argument is that context engineering better captures the true…
While performing a penetration test for one of our Continuous Penetration Testing customers, we’ve found a Wing FTP server instance that allowed anonymous connections. It…
Can LLMs red team AI, intro to detection engineering, how to scale security impact via cross-team partnerships. I hope you’ve been doing well! At BSidesSF…
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against…
Don’t get me wrong—Cursor is genuinely awesome. It’s probably the best AI-native code editor ever built, with incredibly thoughtful integrations and a user experience that…
Sharing thoughts and approaches on DevSecOps, which integrates development (Dev), security (Sec), and operations (Ops) to embed security throughout the development lifecycle. What is DevSecOps?…
Organizations are adopting bug bounty programs more and more as part of a layered security strategy to address the skills gap and to help their…
A summary of common security vulnerabilities in GraphQL and their mitigation strategies. GraphQL provides superior flexibility and efficiency compared to traditional REST APIs by allowing…
In this article, I’ll explain Server-Sent Events (SSE), one of the technologies for implementing real-time data communication in web applications. We’ll explore the basic concepts…
A guide on securing WebSocket to protect real-time applications from common vulnerabilities. This article covers the security vulnerabilities of WebSocket, which enables real-time bidirectional communication,…
Cookies play a crucial role in web applications, but at the same time, they require careful attention to security settings. In this post, we’ll take…