2024

October 24, 2024
in AppSec
2 min read

DevSecOps: Dynamic Security Analysis with nuclei

What is DAST?

Dynamic Application Security Testing (DAST) is a method to test a snapshot of your application for security issues. It differs from static code analysis in the sense that it focuses on functionality, or else how your application reacts to different input sent by the tool used to perform DAST. By definition it is an automated processs done by a tool that you point to the direction of your API or web interface. The tool then has payloads that will be used during test and depending on the application responses it can identify potential issues.

August 2, 2024
in AppSec
4 min read

Product security logging basics

Why do you need security logging for products?

Every developer understands the critical role of comprehensive error logging. Having detailed logs is invaluable during an operational incident, enabling you to swiftly identify and address the source of issues. This principle holds true for security as well.

May 22, 2024
in AppSec
4 min read

How to choose the right SAST and SCA tools

Let's imagine you are in the situation where you have secured budget to buy tools that analyze the security of your code base. Most probably you will look for a Static Application Security Testing (SAST) solution to scan source code and a Software Composition Analysis (SCA) tool, to create your SBOMs and analyze security/licenses of open-source dependencies.

February 1, 2024
in Cybersecurity
2 min read

Basic email security analysis

I haven't written a blog post for some time now, so here we go: Security analysis of emails!

January 15, 2024
in Cybersecurity
1 min read

Zenmap & Nmap Parser

This is goind to be a quick blog post.

Introducing my new open source tool that parses nmap and zenmap output files from XML and creates CSV reports for further analysis.