home.social

#secure-coding — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #secure-coding, aggregated by home.social.

fetched live
  1. AI-assisted development is moving fast, and AppSec has to move with it.

    Shoutout to Symbiotic Security, a Silver Sponsor of AppSec Village, for supporting the community and the conversations around securing AI-generated code.

    Check them out: buff.ly/V8U1caS

    #AppSec #AISecurity #SecureCoding

  2. AI-assisted development is moving fast, and AppSec has to move with it.

    Shoutout to Symbiotic Security, a Silver Sponsor of AppSec Village, for supporting the community and the conversations around securing AI-generated code.

    Check them out: buff.ly/V8U1caS

    #AppSec #AISecurity #SecureCoding

  3. Anthropic Expands AI Bug Hunting Program

    In just eight weeks, Cisco's AI-powered bug hunting program scanned a staggering 1.8 billion lines of code, a task that would have taken their top security team a whopping eight years to complete. This groundbreaking feat showcases the incredible potential of AI-driven cybersecurity solutions.

    osintsights.com/anthropic-expa

    #AiBugHunting #ArtificialIntelligence #VulnerabilityScanning #SecureCoding #EmergingThreats

  4. Ich möchte euch auf ein wichtiges Thema aufmerksam machen: Sicherheitslücken in Go, der von Google entwickelten Programmiersprache! Hier sind die relevanten Informationen:

    * Go-Team hat neue Versionen veröffentlicht, die die Schwachstellen beheben
    * Nutzer sollten ihre Installationen auf die aktuellen Updates migrieren, um Angriffe zu verhindern
    * Go-Team reagiert gezielt auf Sicherheitsprobleme
    #Go #Sicherheit #DecentralizedDevelopment #SecureCoding

    🔗 news.google.com/rss/articles/C

  5. Fake Claude Code installer campaigns are abusing trusted developer workflows instead of exploiting software vulnerabilities.
    Rhys Downing of Ontinue explains how attackers used fake documentation pages, modified install commands, PowerShell loaders, and browser compromise techniques to steal credentials and establish persistence.

    “Developers are becoming a preferred target because they sit at the intersection of trust and access.”

    Read more:
    technadu.com/copy-paste-compro

    #Cybersecurity #ThreatResearch #Developers #ApplicationSecurity #Ontinue #SecureCoding

  6. How we reshape the fallout, is up to us.

    But, there will be monsters.

    There always are.

    #secureCoding #humanism

  7. How we reshape the fallout, is up to us.

    But, there will be monsters.

    There always are.

    #secureCoding #humanism

  8. New by me: Vibe Coding Has a Security Problem, and Shipping Code You Do Not Understand Is Not a Strategy

    AI-assisted coding can absolutely help teams move faster. It can also help them ship weak access controls, insecure defaults, risky dependencies, and code nobody on the team can confidently defend.

    I wrote about why that matters and why review still matters just as much as speed.

    kylereddoch.me/blog/vibe-codin

    #Cybersecurity #AppSec #AI #SecureCoding

  9. New by me: Vibe Coding Has a Security Problem, and Shipping Code You Do Not Understand Is Not a Strategy

    AI-assisted coding can absolutely help teams move faster. It can also help them ship weak access controls, insecure defaults, risky dependencies, and code nobody on the team can confidently defend.

    I wrote about why that matters and why review still matters just as much as speed.

    kylereddoch.me/blog/vibe-codin

    #Cybersecurity #AppSec #AI #SecureCoding

  10. 🚨 Emergency DevSec Station drop.
    There's an active npm supply chain attack happening right now. Compromised packages are stealing SSH keys, AWS credentials, GitHub tokens, browser passwords, and crypto wallets on install. Then using your publish token to infect every package you maintain.
    One command can protect you immediately: npm config set ignore-scripts true
    Do it today, please. Tell your team. Watch the full 60 seconds.
    #AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm

  11. 🚨 Emergency DevSec Station drop.
    There's an active npm supply chain attack happening right now. Compromised packages are stealing SSH keys, AWS credentials, GitHub tokens, browser passwords, and crypto wallets on install. Then using your publish token to infect every package you maintain.
    One command can protect you immediately: npm config set ignore-scripts true
    Do it today, please. Tell your team. Watch the full 60 seconds.
    #AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm

  12. NoSQL Injection Attacks: MongoDB, CouchDB, and More – NoSQL injection

    In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
    denizhalil.com/2025/12/23/nosq

    #CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding

  13. NoSQL Injection Attacks: MongoDB, CouchDB, and More – NoSQL injection

    In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
    denizhalil.com/2025/12/23/nosq

    #CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding

  14. The security implications of "Tokenmaxxing" cannot be ignored. As code churn increases by 800%+, the window for technical debt - and potential vulnerabilities - widens. If 10-30% of AI code is being rewritten within weeks, what does that say about the initial security audit of that code?

    Source: techcrunch.com/2026/04/17/toke

    Are you seeing more insecure patterns creeping into codebases via AI agents? Let’s discuss the risk-to-reward ratio of AI-accelerated development. Follow us for more technical analysis of the AI landscape.

    #InfoSec #AppSec #CyberSecurity #SecureCoding #DevSecOps #Technadu

  15. The security implications of "Tokenmaxxing" cannot be ignored. As code churn increases by 800%+, the window for technical debt - and potential vulnerabilities - widens. If 10-30% of AI code is being rewritten within weeks, what does that say about the initial security audit of that code?

    Source: techcrunch.com/2026/04/17/toke

    Are you seeing more insecure patterns creeping into codebases via AI agents? Let’s discuss the risk-to-reward ratio of AI-accelerated development. Follow us for more technical analysis of the AI landscape.

    #InfoSec #AppSec #CyberSecurity #SecureCoding #DevSecOps #Technadu

  16. Firms Scramble to Secure AI-Generated Code

    As AI-generated code becomes more prevalent, a pressing question emerges: how much attention should security teams give to code produced by artificial intelligence? The surprising answer: a lot, with 58% of organizations dedicating over 10 hours a month to securing it.

    osintsights.com/firms-scramble

    #AigeneratedCode #CodeSecurity #ArtificialIntelligence #EmergingThreats #SecureCoding

  17. Join Fabio Cerullo’s 3-Day Web App Security Essentials training ⚔️
    Exploit real vulnerabilities, understand OWASP Top 10 (2025), and tackle modern risks like AI-generated code, all in hands-on labs.
    owaspglobalappseceuvienna20.sc

    #AppSec #CyberSecurity #OWASP #EthicalHacking #SecureCoding #Infosec

  18. Join Fabio Cerullo’s 3-Day Web App Security Essentials training ⚔️
    Exploit real vulnerabilities, understand OWASP Top 10 (2025), and tackle modern risks like AI-generated code, all in hands-on labs.
    owaspglobalappseceuvienna20.sc

    #AppSec #CyberSecurity #OWASP #EthicalHacking #SecureCoding #Infosec

  19. Java for Secure Enterprise Systems: Why It Still Dominates

    Learn why Java still leads in secure enterprise systems. It offers strong security, scalability, and reliable performance. In this blog, Deuex Solutions explains why businesses trust Java for building safe and powerful applications. Read more to explore the full insights.

    deuexsolutions.com/blog/java-f

    #Java #EnterpriseSoftware #CyberSecurity #SecureCoding #EnterpriseSystems #TechBlog #ITSolutions #DeuexSolutions

  20. DevSecOps Services That Actually Strengthen Your Software

    Looking for reliable DevSecOps services? Deuex Solutions helps you build secure software from day one by integrating security into every stage of development. Explore trusted DevSecOps services in India for safer, faster releases.
    medium.com/@deuexsolutions/dev

    #DevSecOps #DevSecOpsServices #CyberSecurity #SoftwareDevelopment #DevSecOpsIndia #SecureCoding #CloudSecurity #ITServices #DeuexSolutions

  21. 🔎 Cybersecurity Challenge #6 – Spot the Vulnerability

    This application fetches an image from a URL provided by the user. Sounds harmless, right? 👨‍💻

    But allowing servers to request external resources based on user input can sometimes open the door to dangerous attacks.

    Take a closer look at how the URL is validated and how the request is made.

    ⚠️ Is the validation strong enough?

    Question: What security vulnerability exists in this code?

    A) SQL Injection
    B) Server-Side Request Forgery (SSRF)
    C) External XML Entity (XXE)
    D) URL Redirection

    💬 Comment your answer and tell us which line reveals the vulnerability!

    In the next post, I’ll reveal the correct answer and explain how attackers could exploit it in real-world environments.

    #cybersecurity #infosec #ethicalhacking #websecurity #bugbounty #securecoding #CyberKid #securitychallenge #SSRF

  22. 🔎 Cybersecurity Challenge #6 – Spot the Vulnerability

    This application fetches an image from a URL provided by the user. Sounds harmless, right? 👨‍💻

    But allowing servers to request external resources based on user input can sometimes open the door to dangerous attacks.

    Take a closer look at how the URL is validated and how the request is made.

    ⚠️ Is the validation strong enough?

    Question: What security vulnerability exists in this code?

    A) SQL Injection
    B) Server-Side Request Forgery (SSRF)
    C) External XML Entity (XXE)
    D) URL Redirection

    💬 Comment your answer and tell us which line reveals the vulnerability!

    In the next post, I’ll reveal the correct answer and explain how attackers could exploit it in real-world environments.

    #cybersecurity #infosec #ethicalhacking #websecurity #bugbounty #securecoding #CyberKid #securitychallenge #SSRF

  23. Nice new #infosec zine focused on #securecoding with an interesting formula where each article only takes one page

    https://pagedout.institute

  24. Nice new #infosec zine focused on #securecoding with an interesting formula where each article only takes one page

    https://pagedout.institute

  25. Oversecured Flags 1,575 Issues in Android Mental Health Apps
    Oversecured identified 54 high-severity vulnerabilities across 10 apps totaling 14.7M+ installs.
    Technical concerns include:
    • Improper use of Intent.parseUri()
    • Insecure PRNG via java.util.Random
    • Local storage exposure
    • Plaintext API endpoints in APK
    • Missing root detection
    These apps handle highly sensitive mental health records, including CBT notes and therapy transcripts.

    Threat modeling implication:
    Mobile health apps may represent high-value data reservoirs with weaker security maturity than regulated healthcare systems.

    Should digital health apps undergo mandatory security audits before distribution?

    Engage below.
    Follow TechNadu for deep-dive cybersecurity reporting.

    #Infosec #MobileAppSecurity #AndroidSecurity #SecureCoding #DigitalHealth #ThreatModeling #AppSec #CyberRisk #DataProtection

  26. So amazing to see incredible friends at Wild West Hackin' Fest! Thank you Chad!!!

    And thank you Black Hills for having me in to teach! #securecoding

  27. So amazing to see incredible friends at Wild West Hackin' Fest! Thank you Chad!!!

    And thank you Black Hills for having me in to teach! #securecoding

  28. Why secure coding is ignored in hiring, how interview practices fail to detect risk, and what organizations must change to build safer software from day one. hackernoon.com/why-secure-codi #securecoding

  29. Why secure coding is ignored in hiring, how interview practices fail to detect risk, and what organizations must change to build safer software from day one. hackernoon.com/why-secure-codi #securecoding

  30. age.rb – Ruby bindings for age!

    If you're working with Ruby and looking for a simple, secure, and modern solution for file encryption, age.rb bridges the gap, bringing the elegance of Ruby to the robust age encryption tool.

    Give it a try, explore the repo on GitHub, and let me know what you think. Contributions and feedback are always welcome!

    Repository: github.com/tschaefer/age.rb

    #Ruby #Cryptography #OpenSource #AgeEncryption #SecureCoding

  31. age.rb – Ruby bindings for age!

    If you're working with Ruby and looking for a simple, secure, and modern solution for file encryption, age.rb bridges the gap, bringing the elegance of Ruby to the robust age encryption tool.

    Give it a try, explore the repo on GitHub, and let me know what you think. Contributions and feedback are always welcome!

    Repository: github.com/tschaefer/age.rb

    #Ruby #Cryptography #OpenSource #AgeEncryption #SecureCoding

  32. Cal.com has patched a critical authentication bypass (CVE-2025-66489) that allowed attackers to submit any non-empty TOTP field and skip password checks. Versions ≤5.9.7 were impacted.

    Update to 5.9.8 to ensure both password and TOTP verification are enforced.
    How should MFA implementations be validated to prevent logic gaps like this?

    Source: gbhackers.com/critical-cal-com

    Share your insights and follow us for more security reporting.

    #infosec #appsec #CVE2025 #authentication #MFA #ThreatIntel #SecureCoding #SoftwareSecurity #VulnerabilityManagement #SecurityUpdate

  33. Rust continues to reshape Android’s security posture.

    Google reports memory-safety bugs are now under 20%, backed by:
    • 1000× reduction in memory-safety bug density vs C/C++
    • 4× fewer rollbacks
    • Faster reviews + fewer revisions
    • Rust moving deeper into kernel, firmware & Android’s security-sensitive apps
    A recent “near-miss” RCE (CVE-2025-48530) in unsafe Rust was mitigated by Scudo before reaching public release.

    Thoughts from the AppSec community?
    Follow @technadu for more unbiased cybersecurity reporting.

    #RustLang #MemorySafety #AndroidSecurity #AppSec #InfoSec #DevSecOps #SecureCoding #TechNadu