Due to the immutability of smart contracts, checking their security before deploying them in any Blockchain is one of the most critical steps in their development lifecycle. However, this process could be very challenging in terms of both required knowledge and time to perform such an audit. Therefore, using tools ...
One of the most components of the DevSecOps approach is security automation. To have this aspect in their DevOps environment companies should implement both a SAST and a DAST tool. Therefore, many people are asking is Netsparker a DAST? Netsparker is a DAST tool as it gives the development team ...
With the race to make software development even faster, companies start to adopt a new way technique based on using already developed code components. Unfortunately, this development technique comes with many security vulnerabilities that have made the software even less secure regardless of the enhancement the used development technology has ...
Adopting and implementing the Devsecops principles in your development process is becoming more and more important to produce secure applications. Unfortunately, by searching this subject on Google you can’t find a step-by-step process that explains this in detail. Therefore, here are the steps to successfully start a Devsecops: Enhance security ...
Fixing the discovered vulnerabilities after receiving the penetration test report is the most important process and the most time-consuming process. Therefore, one of the most common questions I get from my clients before they start the fixing process is can I keep my website online while fixing the vulnerabilities? The ...
Performing a penetration test against an API is very similar to performing a penetration test against a web application. Both applications use web technologies and have basically the same type of vulnerabilities. However, an API does not always offer a user interface to communicate which makes testing it more difficult. ...
After years of experience in penetration testing, I can say that one of the best things that can happen during a penetration test is to find a security misconfiguration. Unfortunately, when you look for these vulnerabilities on Google all that you get is theories or discussions and explanations of such ...
After starting to use the object-oriented development concept, new types of vulnerabilities were born. Insecure deserialization vulnerabilities were one of those vulnerabilities. Therefore, what is an Insecure Deserialization vulnerability, and how to prevent it? Insecure deserialization vulnerability happens when the web application serializes or deserializes a user-controllable object. The main ...
XSS and CSRF vulnerabilities are some of the most dangerous and the most popular vulnerabilities on the web. Fortunately, the CSRF vulnerability is getting rarer as modern programming technologies put security controls for it by default. However, I guess one of the most common questions I have ever received from ...
Undoubtedly, ChatGPT stands out as one of the most remarkable inventions of 2021. Its wide-ranging capabilities and applications have opened up endless possibilities for human interaction and problem-solving. Furthermore, certain users have begun employing ChatGPT for the actual execution of smart contract audits. However, can ChatGPT audit a smart contract? [...]
