Subresource Integrity (SRI) is a technique that can help protect web applications against attacks originating from content providers. When…
In the latest edition of OWASP TOP 10 Vulnerabilities 2021, some new categories were introduced in their classifications. In this article…
If you follow our social networks, it is very likely that you have come across some “Secure Coding Challenge” in order to identify a…
An internal project by Conviso’s Consulting team, called ConsultingLabs, was created with the aim of exploiting vulnerabilities. In…
In UMassCTF-2021 I was introduced to an interesting project on a language called Janet. In this CTF we had two challenges to solve and the…
During a security audit of the Ruby on Rails source and its dependencies, we discovered two ways to exploit ActiveStorage’s image…
Software Engineering
Before discussing Code Comprehension, it is important to talk a bit about Software Engineering. There are some…
This article: “Why are nonces important on CTR mode ciphers” was written 3 years ago, and is available again on our blog. Good…
We have a new application or module written in the Go language that we want to analyze. So how do we approach that? You can also listen…