Application security for GraphQL: how is it different?
Vladimir
GraphQL is one of the hottest topics in the API world right now. It provides an abstraction layer over more traditional HTTP communications, and has changed the way we build…
Browsing Category
Security
131 posts
Serverless security: how do you protect what you aren’t able to see?
Jb
Serverless security is a fascinating topic. As more organizations move to distributed architectures and new ways of running their services, new security considerations arise. I spoke about this topic at…
SQL injection, explained: what it is and how to prevent it
Carlos Schults
A SQL injection is a security attack that is as dangerous as it is ingenious. By abusing the data input mechanisms of an application, an attacker can manipulate the generated…
How to use frameworks to implement your Security Paved Road
I recently sat down with Sr. Research Lead at Synopsys and framework specialist, Ksenia Peguero, on Episode 2 of the AppSec Builders Podcast. In the episode, “Framework Security with Ksenia…
Scaling security in a high growth company: our journey at Sqreen
Five years after founding Sqreen, many things have tremendously changed. One of them is our approach to security. It’s often said that security is a journey without end. That it’s…
Learnings from Sqreen’s State of App Sec Report: 70% of Ruby on Rails exploits were SQLi
Saying that digital security is “important” would be the understatement of the century. It’s probably the most crucial aspect of any application nowadays. Unfortunately, security is easy to get wrong,…
XML External Entity (XXE), explained
Omkar Hiremath
Web application security has gained a lot of recent interest. The quality and skills of hackers have improved over time. So it’s important for the defenders of an application to…
A vulnerability in Sqreen: the attacker’s point of view
Charles Fol
A note from Sqreen’s CTO When Charles reached out to me to disclose this issue, we reacted with one goal in mind: protecting our customers. As such, we built a…
Learnings from Sqreen’s State of App Sec report: PHP apps are 3x more likely to be exploited
With each passing year, we move more and more aspects of our lives online. The line between the online and the offline is becoming thinner and thinner as time goes…
From Nestaway: Automating Security Operations — Detecting and Permanently Blocking Abusive Clients
Ranjan Kathuria
Today, we’re featuring a blog post from Nestaway that was originally posted in Nestaway Engineering on Medium. Automating Security Operations is a tough task but can make the life of a security person…