GraphQL is a powerful and flexible API query language that has gained popularity in recent years due to its ability to give developers the…
Nowadays a very common practice is to integrate security scans during the continuous integration and continuous delivery (CI/CD) phase of…
Writing secure code involves adopting a set of software development best practices, and a change of attitude and culture within development…
Subresource Integrity (SRI) is a technique that can help protect web applications against attacks originating from content providers. When…
In the latest edition of OWASP TOP 10 Vulnerabilities 2021, some new categories were introduced in their classifications. In this article…
If you follow our social networks, it is very likely that you have come across some “Secure Coding Challenge” in order to identify a…
An internal project by Conviso’s Consulting team, called ConsultingLabs, was created with the aim of exploiting vulnerabilities. In…
In UMassCTF-2021 I was introduced to an interesting project on a language called Janet. In this CTF we had two challenges to solve and the…
During a security audit of the Ruby on Rails source and its dependencies, we discovered two ways to exploit ActiveStorage’s image…