As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
One of the things I enjoy doing is looking at CVEs. I find it a great way to learn about new ...
In the world of software development, the allure of writing clever code is strong. Developers, especially those who are highly skilled, ...
The discovery of a new bug or the analysis of a Common Vulnerabilities and Exposures (CVE) can often feel like a ...
In the field of application security, two crucial types of training often come up: secure coding training and security code review ...
One of the recurring questions I get during my Web Security Code Review Training is how to keep notes when multiple ...
Bad code reviewers use grep... well, good code reviewers use grep, but they are good code reviewers! You are probably not ...
When running our Web Security Code Review Training, I use an analogy about the difference between "They are French" and "They ...
I think the hardest part for pentesters transitioning into security code review is going back to the low level of confidence ...
In every field, people eventually hit plateaux in their progression. Security code review is no different. In this article, we explore ...
Too often (me included), savvy code reviewers recommend getting started in code review by “Just reading code”, and that is ...
Keeping notes is one of the key aspects of penetration testing. In this article I’m going to share some information on ...