AppSec Testing
SQL Injection in Oracle: Examples and Prevention
What is SQL Injection and Can it Happen in an Oracle Database? Unfortunately, the quick answer is a resounding YES – Oracle databases are by
February 10, 2022
AppSec Blog
Application Security news, research, vulnerabilities, DevSecOps, CI/CD tooling, hacking and more
Menu
AppSec Testing
6 CSRF Protection Best Practices You Must Know
What is Cross Site Request Forgery (CSRF)? A CSRF attack can force a user to perform unwanted actions on a web application. CSRF assumes that
February 4, 2022
Vulnerabilities
Directory Traversal Mitigation: How to Prevent Attacks
In a directory traversal attack, a malicious user utilizes directory traversal attempts to gain access to files on the server they shouldn’t have access to.
February 4, 2022
Vulnerabilities
Code Injection in Brief: Types, Examples, and Mitigation
What Is Code Injection? Code injection refers to attacks that involve injecting malicious code into an application. The application then interprets or executes the code,
January 31, 2022
AppSec Testing
Avoiding Security Incidents with a Dev-First AppSec Program
Did you miss our webinar on ‘Avoiding Security Incidents with a Dev-First AppSec Program’?Don’t worry; it’s available on-demand! Renowned security expert Ofer Maor and Bright’s
January 26, 2022
Updates
Product Update – January 2021
A lot is happening with Bright! Here are some updates and new features that will make your experience even better. New Features Introducing a new
January 25, 2022
Vulnerabilities
Stored XSS: Impact, Examples, and Prevention
What Is Stored XSS (Cross Site Scripting)? XSS is an attack technique that injects malicious code into vulnerable web applications. Unlike other attacks, this technique
January 24, 2022
AppSec Testing
Snyk CLI Quick Guide: Installation and Common Commands
What Is Snyk CLI? Snyk is a popular security testing platform for developers. The Snyk Command Line Interface (CLI) lets you introduce Snyk functionality into
January 17, 2022
AppSec Testing
8 Great Snyk Alternatives
What is Snyk? Snyk is an application security testing tool that lets you identify and remediate vulnerabilities in open source components, proprietary source code, containers,
January 13, 2022
AppSec Testing
7 Open Source Pentesting Tools and When To Use Them
What is Pentesting and what are Pentesting tools? The goal of pentesting (penetration testing) is to detect security vulnerabilities by utilizing specific processes, tools and
January 10, 2022
Vulnerabilities
XSS Attack: 3 Real Life Attacks and Code Examples
What is an XSS Attack? A cross-site scripting (XSS) attack injects malicious code into vulnerable web applications. XSS does not target the application directly. Instead,
January 10, 2022
AppSec Testing
Deserialization in Java and How Attackers Exploit It
What is deserialization in Java? Serialization in Java represents a process in which an object in the Java programming language is converted into a format
December 20, 2021
AppSec Testing
Penetration Testing Report: 6 Key Sections and 4 Best Practices
What Is a Penetration Testing Report? Penetration testing (pentesting) involves assessing the security of a system, network, or application. Although pentesters use the same techniques
December 20, 2021
Updates
Bright Security Product Update – December 2021
This blog post announces the November 2021 Update for Bright.We added some new features and product enhancements that will make your experience even better. Improvements
December 14, 2021
AppSec Testing
DevOps Testing: The Basics and 5 Best Practices
What Is DevOps Testing? DevOps is a methodology promoting close communication and cooperation between development and operations teams. Implementing DevOps requires adopting certain tools and
December 13, 2021
© 2022 Bright Security Inc. All Rights Reserved