Posts: #Security

Nov 26 2025
What is Cyber Resilience Act, and what cybersecurity requirements does it impose?
Vladislav Bogdanov
What exactly is the Cyber Resilience Act? This article covers the regulation that establishes cybersecurity requirements for products sold in the European market. We'll discuss everything: from...
...
Taint analysis in PVS-Studio C and C++ analyzer
Oleg Lisiy
Your code accepts external data? Congratulations, and welcome to the minefield! Any unchecked user input can lead to a vulnerability, and manually finding all the "tripwires" in a large project...
...
Oct 09 2025
Gadget chains in Java: how unsafe deserialization leads to RCE?
Vladislav Bogdanov
In this article, we'll explain what gadget chains are and look at examples (with schemas) of how careless deserialization with native Java mechanisms can lead to remote code...
...
Sep 16 2025
OWASP Top Ten 2021 explained with simple Java examples and SAST insights
Vladislav Bogdanov
In this article, we talk about the OWASP Top Ten 2021 categories through the lens of PVS-Studio Java analyzer warnings. So, if you want to peek at patterns of potential vulnerabilities in Java...
...
Mar 27 2025
Notepad injection or the story of writing new diagnostic rules
Vladislav Bogdanov
This article is about calling operating system commands in Java. Also, we'll cover OS command and argument injections, along with the process of writing diagnostic rules to detect...
...
Looking for potential vulnerabilities in code, part 2: practice
Konstantin Volohovsky
Last time, we discussed common approaches to detecting vulnerabilities in applications. This time, we'll take a more down-to-earth look at how we've implemented these mechanisms in our...
...
Jan 27 2025
Java, Taint, and SAST: What is it and why do we need it?
Vladislav Bogdanov
An enormous amount of server-side code is written in Java. So, web applications written in this language must be resistant to certain security vulnerabilities. This short article is about one of...
...
Looking for potential vulnerabilities in code, part 1: theory
Konstantin Volohovsky
We all know the risks that vulnerabilities pose: application crashes, data loss, or privacy breaches. In this article, we'll look at examples that illustrate the core aspects of an approach...
...
Jan 23 2024
Introducing SAST into the development process
Viktoria Pelipenko
Cyberattacks on applications are on the rise, and zero-day vulnerability exploitation is leading the way. Introducing SAST into the development process makes the product safer for users. However...
...
May 31 2023
XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS
Sergey Vasiliev
In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Let's recall the theory, figure out how the security defect looks from a user's perspective and in code...
...