Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.

Website with the collection of all the cheat sheets of the project.

Question : What is the maximum number of characters an email address can have?

Here we go through some of the essential protocols required for robust API security.

We go through the fundamentals of API security, including best practices and key considerations for developers and businesses.

Researchers uncover a new DoS attack vector targeting UDP-based application protocols, potentially endangering hundreds of thousands of hosts.

The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.

For at least two years now I have been complaining about the lack of Artificial Intelligence (AI) Security resources. I complain about many…

At Fox-IT (part of NCC Group) identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP se…

Introduction DevOps has been rapidly evolving in the software development landscape, and from the cornerstone Docker has emerged. Its ability to package applications into portable, scalable containers has taken deployment strategies to the next level. However, with this power, comes the responsibility of securing the containers. In this blog, we dive deep into advanced techniques and best practices for securing Docker containers, ensuring your deployments are not just efficient but also fortified against a variety of cyber threats.

This article outlines cybersecurity challenges such as vendor security and the rise of IoT. Solutions include real-time intelligence and cyber-insurance.

Learn how to write your first policy as code rules in Rego. This Rego tutorial for beginners covers the basics of Rego syntax and using OPA.

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities - GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabil...

We analyzed data from thousands of organizations to understand the latest trends in cloud security posture.

A web application frontend often performs requests to a backend API. Even though this API is only supposed to be used by the frontend, it is usually also accessible with a browser. An attacker can use this to exploit vulnerabilities.

Guidance on implementing cryptography as a developer.

How do you identify vulnerable code patterns? Can you spot insufficient input validation? Enhance your Node.js development security with this guide to secure code review.

Learn how to transform your code with custom CodeQL queries that empower you to surface security vulnerabilities and discover new insights.

Ephemeral infrastructure's transient nature has afforded it a 'free pass' on forensic examination in the past, but that window is closing.