PinnedHallucinative-Insecure GPT Code GenerationWhen AI Code Assistants Start Seeing Unicorns in Your Code Recently, we’ve come across several articles that discuss the potential risks and security challenges posed by AI code assistants. These articles have piqued our curiosity and led us to question: Are these concerns valid? How do these risks manifest in…AI5 min readAI5 min read
PinnedCodeThreat AI AssistantIntroducing CodeThreat AI Assistant, Personal Code Analysis Expert. showcase; https://www.youtube.com/watch?v=l-E_EOjTXow As developers strive to create and deploy applications quickly, security problems grow, and vulnerabilities accumulate. …Sast3 min readSast3 min read
Nov 9Sensitive Information Detection in MLOps: Why It Matters More Than EverIn our journey as a startup, we’ve always been driven by the needs of our users and customers. And what we’ve observed lately is a heightened demand for scanning .ipynb files. Through our interactions, we’ve encountered numerous instances where sensitive information was mishandled in Jupyter notebooks. To the untrained eye…Cybersecurity In Ai4 min readCybersecurity In Ai4 min read
Dec 12, 2022Act Against Security AnomaliesExpect and act against abnormal security related behaviors in your code In order to prevent hackers abusing our software, as developers we have to get high on security related information; attacks, payloads, defenses… But there are lots of areas to cover and we don’t have time. …Software Security4 min readSoftware Security4 min read
Sep 27, 2022Security Watchouts for Redis ClientsWhen the scalability and performance become the main goal in our business, in-memory caching systems are one of the items we look for to provide fast data access. Redis is one of them. …Redis5 min readRedis5 min read
Jul 25, 2022Shifting LeftestGet hold of your own code security — A secure application is a team effort, sure. Every stakeholder should be part of it. But this little write-up relates only to the developers; a simple mindset change will have an enormous positive effect on the security of your code. There is a fundamental teaching that students are taught in…Software Security4 min readSoftware Security4 min read
May 27, 2022Is OWASP Benchmark Any Good?Strong and not-so strong sides of using it for your SAST benchmarks… There’s no escape. When you are choosing a Static Application Security Testing (SAST) tool, a comparison is a must for measuring speed, accuracy, usability… There are many sides to this comparison and a sample application is usually used…Benchmark6 min readBenchmark6 min read
Apr 25, 2022Reminiscences of Another EL InjectionPrinciple of Least Privilege in Action — Evaluating an input is a requirement for most of the custom web, mobile or desktop applications let alone popular frameworks. …Spring Framework6 min readSpring Framework6 min read
Apr 1, 2022Spring Core RCE or Spring4ShellWhat is it & how to dodge? — A vulnerability has been disclosed on Spring Framework which leads to remote code execution. A CVE is assigned to it recently with the code CVE-2022–22965. …Spring4shell6 min readSpring4shell6 min read
Mar 28, 2022The Secure Developer QualityArchimedes, Galileo, Kepler and Newton. Just a few great minds of human advancements. There’s a keen and distinguished characteristics of these giant leapers which all of the developers should try to learn and apply what they do in order to produce rock solid secure applications. What makes these scientists/philosophers and…Software Testing6 min readSoftware Testing6 min read
