In code we Struts: in-depth review of a Java vulnerability for developers
Sylvain
Houston, we have a security issue! Alas, most public coverage of a severe issue is in the lines of “OMG, there is a critical issue you should update ASAP otherwise…
An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!
Benoit
A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…
It’s time for transparent security
Pierre
Security is a big concern for developers. As developers, even though the confidence in our app security is often low, nothing is really done to protect our data or customers.…
Reflected XSS explained: how to prevent reflected XSS in your app
Jb
What is a reflected XSS? An XSS allows an attacker to inject a script into the content of a website or app. When a user visits the infected page, the…
Context information storage for asyncio
Vivien
At Sqreen, we are building an agent based on dynamic instrumentation. It detects security incidents from inside an application (injections, cross-site scripting etc.) and allows users to configure actions (blocking…
CSS best practices for fast-growing SaaS startups
FX
I joined Sqreen in June 2016 as a web developer after working as a freelancer and in web development agencies. Since then, I’m in charge of the Sqreen Dashboard integration.…
Bad bots are eating the world. But developers will save us all
Paul
Scrapers or bad bot protection is a big topic for a lot of company departments. However, it’s always developers or DevOps that end up implementing a bad bot mitigation solution.…
Security analysis of the most popular cryptocurrency exchanges
So you’ve finally decided to buy some Bitcoin, Ethereum or any other coin that’s all the rage these days? At Sqreen, we’re not so much interested in the cryptocurrency craze,…
Authentication Best Practices for Vue
Thibaud
Introduction Whenever you start to get serious with a project, you will most likely face the issues of how to handle client-side token-based authentication. You will have to answer these…
Security.txt toolbox for your Ruby app
What is security.txt? Security is all about tradeoffs. We all know we should be doing something about it in our application, yet, so few of us do. Strangely enough one…