Posts: #Security

27 Mar 2025
Notepad injection or the story of writing new diagnostic rules
Vladislav Bogdanov
This article is about calling operating system commands in Java. Also, we'll cover OS command and argument injections, along with the process of writing diagnostic rules to detect...
...
Looking for potential vulnerabilities in code, part 2: practice
Konstantin Volohovsky
Last time, we discussed common approaches to detecting vulnerabilities in applications. This time, we'll take a more down-to-earth look at how we've implemented these mechanisms in our...
...
27 Jan 2025
Java, Taint, and SAST: What is it and why do we need it?
Vladislav Bogdanov
An enormous amount of server-side code is written in Java. So, web applications written in this language must be resistant to certain security vulnerabilities. This short article is about one of...
...
Looking for potential vulnerabilities in code, part 1: theory
Konstantin Volohovsky
We all know the risks that vulnerabilities pose: application crashes, data loss, or privacy breaches. In this article, we'll look at examples that illustrate the core aspects of an approach...
...
23 Jan 2024
Introducing SAST into the development process
Viktoria Pelipenko
Cyberattacks on applications are on the rise, and zero-day vulnerability exploitation is leading the way. Introducing SAST into the development process makes the product safer for users. However...
...
31 May 2023
XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS
Sergey Vasiliev
In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Let's recall the theory, figure out how the security defect looks from a user's perspective and in code...
...
25 Apr 2023
Do developers dream of secure apps?
Sergey Vasiliev
Do developers care about code security? This question, I believe, is still open to debate. I wrote this article to solicit feedback from both developers and security experts. Would you help me...
...
11 Apr 2023
GPT-3 detected 213 Security Vulnerabilities... Or it did not
Andrey Karpov
This text is a detailed commentary on the article "I Used GPT-3 to Find 213 Security Vulnerabilities in a Single...
...
21 Mar 2023
Converting string to enum at the cost of 50 GB: let's analyze the CVE-2020-36620 vulnerability
Sergey Vasiliev
In this article, we're going to discuss the CVE-2020-36620 vulnerability and see how a NuGet package for converting string to enum can make a C# application vulnerable to DoS...
...
Under the hood of SAST: how code analysis tools look for security flaws
Sergey Vasiliev
Here we'll discuss how SAST solutions find security flaws. I'll tell you about different and complementary approaches to detecting potential vulnerabilities, explain why each of them is...
...
Showing: 1-10 of 55