Command injection vulnerability in source code | The Dataflow Show

Find command injection in source code

Using Ocular to search for command injection in an application by tracing dataflow. When learning how to find, exploit, or prevent different types of security vulnerabilities, you'll want to understand the vulnerability's root causes and what happens to an application when it's exploited. Today, we'll talk about remote code execution (RCE), its mechanisms, ...
Common vulnerabilities in Java and how to fix them

30 vulnerabilities to look out for in Java applications: arbitrary file writes, directory traversal, deserialization, and more. Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, API, and more. With all these components to ...
Find reflected XSS candidates in source code

Using Ocular to search for reflected XSS in an application. When learning how to find, exploit, or prevent security vulnerabilities, it's important to understand the root causes of the vulnerability and what actually makes an application vulnerable. Today, let's talk about an extremely common vulnerability, XSS, its mechanisms, and how you can ...
API Security 101

The top ten vulnerabilities that threaten your API, how to identify them, and how to prevent them. You've probably heard of the OWASP top ten, the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The ...
A guide to the OWASP API top ten

Top ten vulnerabilities that threaten your API, how to identify them, and how to prevent them. You've probably heard of the OWASP top ten, the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The current ...
What happened in the Twitch Breach…

And four principles for securing your organization's information, including your source code and supply chain. Twitch, a popular live video streaming service, was breached last week. Last Wednesday, an anonymous individual published a file online containing the entirety of twitch.tv's source code, information about Twitch's internal services ...
Finding Sensitive Data Leaks In Code Using ShiftLeft CORE

Getting started with a source code review using ShiftLeft CORE. Performing a source code review is one of the best ways to find security issues in an application. But how do you do it? In this guide, we'll go through the basics of code analysis and some ...
API Security 101: Insufficient Logging and Monitoring

How logging and monitoring prevent damage to an application and its users. You've probably heard of the OWASP top ten, the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten ...
Organizing Security Cons with Magno Logan

Sources and Sinks interviews security conference veteran Magno Logan. If you've been to a security event before, you know what a great experience it is to meet fellow hackers and security folks and to learn about new ideas. But what goes into running a security conference? Today on Sources and ...
Building a secure application in five steps

Using the Software Development Life Cycle (SDLC) as a model to secure your application. If you are into building software, you've probably heard of the software development life cycle (SDLC). The SDLC describes the five stages of application development: the requirements phase, the design phase, the coding ...