As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
Security code review doesn't have to be intimidating. In Go codebases, certain patterns appear repeatedly. These mistakes are easy to spot ...
For the past few months, I’ve been noticing a pattern on LinkedIn: people celebrating their success in obtaining our Code Review ...
Secure code review is a fundamental practice in software security, aimed at identifying vulnerabilities, weaknesses, or areas for security improvement directly ...
I’ve been thinking a lot about AI-generated code lately—and the impact it has and will continue to have on security code ...
I recently gave a workshop at OWASP Bay Area and presented a fresh slide deck. My main goal was to explain ...
I often get asked about pentesting and code review methodologies. It seems like people are hoping for a secret sauce that ...
Training developers in security code review goes beyond simply enhancing their ability to write secure code. It equips them with the ...
Scoping a security code review is a critical step in ensuring a successful engagement. Without proper scoping, you risk falling into ...
While developing the "Criminal Mind" is crucial for uncovering vulnerabilities, there is another equally important skill to master: developing the "Engineer ...
A secure password reset process is a cornerstone of account security for any web application. If not implemented correctly, it can ...
When I wrote the first lab on algorithm confusion, I remember spending a bit of time trying to find a vulnerable ...
In the world of application security and code review, there’s a misconception that the success of a review is measured solely ...