What the NULL?! Wing FTP Server RCE (CVE-2025-47812)
While performing a penetration test for one of our Continuous Penetration Testing customers, we’ve found a Wing FTP server instance that allowed anonymous connections. It…
While performing a penetration test for one of our Continuous Penetration Testing customers, we’ve found a Wing FTP server instance that allowed anonymous connections. It…
Can LLMs red team AI, intro to detection engineering, how to scale security impact via cross-team partnerships I hope you’ve been doing well! At BSidesSF…
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against…
Don’t get me wrong—Cursor is genuinely awesome. It’s probably the best AI-native code editor ever built, with incredibly thoughtful integrations and a user experience that…
Sharing thoughts and approaches on DevSecOps, which integrates development (Dev), security (Sec), and operations (Ops) to embed security throughout the development lifecycle. What is DevSecOps?…
Organizations are adopting bug bounty programs more and more as part of a layered security strategy to address the skills gap and to help their…
A summary of common security vulnerabilities in GraphQL and their mitigation strategies. GraphQL provides superior flexibility and efficiency compared to traditional REST APIs by allowing…
In this article, I’ll explain Server-Sent Events (SSE), one of the technologies for implementing real-time data communication in web applications. We’ll explore the basic concepts…
A guide on securing WebSocket to protect real-time applications from common vulnerabilities. This article covers the security vulnerabilities of WebSocket, which enables real-time bidirectional communication,…
Cookies play a crucial role in web applications, but at the same time, they require careful attention to security settings. In this post, we’ll take…
A guide to understanding and implementing Subresource Integrity (SRI) for enhanced web security. Subresource Integrity (SRI) is a security feature that enables browsers to verify…
Learn about Content Security Policy (CSP), its importance, how it works, and how it enhances web security. What is Content Security Policy (CSP)? Content Security…