Increase Your Application Security With the Integration of SonarQube

In this article we will briefly run through the architecture and set up an environment to quickly run an analysis on our code. Finally, we will explore some code examples where SonarQube helps find bugs and improve our code.

Basic network security implementation for Kubernetes Clusters with NetworkPolicy examples

Welcome to my Kubernetes how-to series, where I intend to break down and showcase the how-tos and the gotchas of Kubernetes configuration. If you’re here, you are aware that pod-to-pod communication on any Kubernetes cluster is available to all namespaces and all pods; it’s a free-for-all.

4 Key Benefits of Application Security Orchestration and Correlation (ASOC)

In the modern software development life cycle, there is a variety of security tools used in different phases of development pipelines.

The Future of FinTech AppSec Is Brighter Than You Think

The security industry has the unenviable task of educating and reminding organizations of the rising risks to their FinTech applications and customers’ data.

Mitigating NoSQL Injection Attacks: Part 1

In this first part of a two-part post series, we’ll reconstruct a NoSQL injection and cover the basics of mitigating it. In the second part, we’ll look at Server-Side JavaScript and Blind Injection attacks against NoSQL databases. If you’re not validating or escaping user-manipulated input properly, you may find malicious parties executing dynamic queries against your SQL and NoSQL databases.

Demystifying Insecure Deserialization in PHP

Serialization is the process of converting objects into a sequential stream of bytes so that they can be easily stored in a database or transmitted over a network. Deserialization is the exact opposite of serialization: it is the process of converting this sequential stream of bytes back into a fully functional object.

Funksie — A Feature Policy Plugin for HapiJS

TL;DR: I’m open-sourcing a Hapi plugin that provides a fair amount of flexibility with regard to enabling Feature Policy on a route/frame level, so it should be easy for any Hapi developer to deploy Feature-Policy in a manner that adds real protection.

Podcast-Ep-2.1: ML, Automation & ShiftLeft at CapitalOne

A conversation on automation, security engineering, #shiftleft of security, security quality automation and ML.

Podcast-Ep-7 #Shifting Left at Roblox — A conversation with Julie Tsai

A conversation with Julie Tsai on her #ShiftLeft initiative at Roblox. Julie is the Head of Information Security at Roblox.

Podcast #ShiftLeft at Emirates Group — A conversation with Toufiq Ali

A conversation with Toufiq Ali, Principal Cybersecurity Engineer at Emirates Group, on developer-focused security initiatives at the Group.

Mitigating NoSQL Injection Attacks: Part 2

This is the second part of a two-part series on NoSQL injections where we will look at Server-Side JavaScript and Blind NoSQL injections.

Android InsecureBankv2 Walkthrough: Part 3

In this article, I will be continuing my walkthrough of the InsecureBankv2 Android application created by the GitHub user dineshshetty…

Android InsecureBankv2 Walkthrough: Part 2

In this article, I will be continuing my walkthrough of the InsecureBankv2 Android application created by the GitHub user dineshshetty…

Android InsecureBankv2 Walkthrough: Part 1

In this article, I will be taking a look at the InsecureBankv2 Android application created by the GitHub user dineshshetty. According to…

Podcast-Ep-9 — From Darkness to Light

A conversation with ShiftLeft’s lead security researcher, Niko Schmidt. Niko opens up on his process, what he sees as the key threats, and how developers can improve their game to build more secure applications.

The previous article in this series is here.

In this post we will explore The 3 Ways of DevOps. But first, a definition. The previous article in this series is here: Security is Everybody’s Job — What is DevSecOps?

Security is Everybody’s Job — Part 2 — What is Application Security?

Read the previous article in this series here. Security is Everybody’s Job — Part 2 — What is Application Security?

Learning from Pedro Ribeiro’s IBM Data Risk Manager Zero

Security researcher Pedro Ribeiro revealed four unpatched vulnerabilities in IBM Data Risk Manager on April 21st. On the surface, these.

Security is Everybody’s Job — Part 1 — DevSecOps

This is the first in a many-part blog series on the topic of DevSecOps. Throughout the series we will discuss weaving security through.

The Zaheck of Android Deep Links!

In the current era of hybrid mobile architecture, WebViews and deep links are extensively used hand in hand. The former one is used to