Node.js Vulnerability Cheatsheet

25 vulnerabilities to look out for in Node JS applications: Directory traversal, prototype pollution, XSSI, and more… Securing applications is not the easiest thing to do. An application has many ...

Prioritizing Cybersecurity Throughout All Web Development Sprints

No one doubts the importance of cybersecurity in web development — and yet, often in the development cycle, we neglect to prioritize it across each sprint and into the final product. Making ...
Command injection vulnerability in source code | The Dataflow Show

Find command injection in source code

Using Ocular to search for command injection in an application by tracing dataflow. When learning how to find, exploit, or prevent different types of security vulnerabilities, you’ll want to understand the vulnerability’s root causes ...
API Security 101

The top ten vulnerabilities that threaten your API, how to identify them, and how to prevent them. You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications ...
HIPAA Compliance for Healthcare Apps

What Application Developers Need to Know About HIPAA Compliance. Increasingly, patients want to access their healthcare information using mobile applications or web applications. Instead of calling a doctor’s office, ...
OWASP Updates the Top 10 Web Application Security Risks

OWASP Top Ten updates: what changed? The Open Web Application Security Project, or OWASP, is a non-profit organization dedicated to improving software security ...
Browser-side Caching

Browser-side Caching for APIs: How ShiftLeft provides a snappy UI experience by caching API requests in the browser. ShiftLeft Engineering uses an API-first implementation approach. We have a single, unified JSON REST ...
API Security 101: Mass Assignment

With one click, you are the admin: Mass assignments and their threats to API data integrity. You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that ...
AppSec Conference: Shifting Left 2.0

Sessions to watch for developers and hackers. Here at ShiftLeft, we are gearing up for Shifting Left 2.0, a two-day application security conference for developers and security practitioners on June ...
Secure Developer Challenge May 2021

Thanks to everyone who submitted to the Secure Developer Challenge for May 2021! For this month’s challenge (https://go.shiftleft.io/developer-challenge-05-2021), we asked you to identify which of these statements about HTTP security headers are false: The correct answer ...