ShiftLeft Blog
116 FOLLOWERS
Your source for the latest in Application Security, DevSecOps, and Cybersecurity. ShiftLeft is a code security platform that automates security workflows and delivers the right vulnerabilities to the right developers at the right time.
ShiftLeft Blog
5d ago
Love them or hate them, large language models (LLM) are here to stay. After opening the Pandora’s Box of ChatGPT in late 2022, everyone from developers to grandmas began using the tool to get the answers they wanted – and fast. As with every other new technology, ChatGPT created a new set of security risks, impacting both organizations as malicious actors use it to write realistic phishing emails and developers as they seek to improve their delivery times.
If you’re looking to use ChatGPT for coding, you should understand its capabilities and limitations so that you make informed decisio ..read more
ShiftLeft Blog
1w ago
Imagine yourself standing in a local fair at night. The bright lights from the games beckon you, and you see your favorite game, the one you’re best at – Whack-A-Mole. You excitedly walk up to the booth, plunk down your few dollars, and get ready to whack a bunch of plastic, animatronic moles back into their holes. You have the best time of your life that night as you hit an all time high score.
Now, you’re sitting at your computer, reviewing the vast myriad of vulnerabilities that your static application security testing (SAST) tool generated. You might be feeling overwhelmed, like you ..read more
ShiftLeft Blog
2w ago
Introduction
In the world of software development, managing dependencies is like keeping the gears of a well-oiled machine running smoothly. Get ready to dive deep into practical strategies and tools that streamline your development process, ensuring your projects are as efficient and error-free as possible. This is your guide to mastering dependency management, making every build and deployment predictable and stress-free.
Understanding Dependency Management
In software development, dependencies refer to external components such as libraries, frameworks, and services that a project requires ..read more
ShiftLeft Blog
2w ago
Introduction
Have you ever wondered why meticulously coded applications sometimes falter or how the unseen processes within can impact user experience? This article dives into error handling and logging—essential practices that ensure software resilience, security, and maintainability. You’ll learn the significance of these components, understand their implementation, and discover tools that fortify application development.
What is Error Handling?
Error handling is the technique developers use to manage unexpected situations in a program’s execution. Think of it as the safety net that c ..read more
ShiftLeft Blog
2w ago
Introduction
Ever wondered how web apps keep your info safe from hackers? This blog post is all about Output Encoding, a key trick in the web developer’s handbook that stops bad scripts from sneaking into websites and causing trouble. We’re going to show you why it’s super important, how it’s different from other security moves, and how to use it the right way. Stick with us, and you’ll learn some neat ways to make your web projects a lot safer for everyone.
What is Output Encoding?
Output Encoding is a security technique used in web development to convert potentially harmful characters from ..read more
ShiftLeft Blog
2w ago
Introduction
Ever wondered what separates a secure application from a vulnerable one from a developer’s perspective? It often boils down to how well you handle user inputs. In this blog, we dive into input validation, an essential yet sometimes overlooked aspect of coding for security. It’s a straightforward guide on the why, how, and what of input validation techniques, offering practical insights and actionable tips. By the end, developers will gain valuable skills to enhance app security and improve overall coding efficiency.
What is Input Validation?
Input validation is like the bouncer a ..read more
ShiftLeft Blog
2w ago
When it comes to web application vulnerabilities and attacks, malicious actors are a lot like Cookie Monster, screaming, “Me love cookie!” Digital cookies may not be as tasty as chocolate chips, but they’re just as deliciously enticing because they often contain sensitive information or enable attackers to gain unauthorized access.
While both Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks use similar terminology and can impact user access and session cookies, they have different methodologies and impacts. To correctly secure your application, you should understa ..read more
ShiftLeft Blog
2w ago
Introduction
How does a website recall your digital footprints during each visit? This article dives into session management, the silent guardian of web navigation, ensuring our virtual moves are remembered and protected. You’ll be equipped with essential insights on maintaining secure and fluid online experiences through robust session management practices.
What is Session Management?
Cross-Site Request Forgery (CSRF) is a security flaw that lets attackers force end users to execute unintended actions on a web application where they are currently authenticated. It is a treacherous exp ..read more
ShiftLeft Blog
2w ago
Introduction
Imagine clicking a link and unintentionally giving a cyber thief access to your data. This article dives into the silent threat of CSRF, where your trusted web session becomes a hacker’s tool. You’ll learn what CSRF is, how it operates, and how you can protect against its deceptive maneuvers.
What is Cross-Site Request Forgery (CSRF)?
Cross-site request Forgery (CSRF) is a web security vulnerability that tricks users into executing unwanted actions on a web application where they are authenticated.
Unlike other attacks that rely on directly injecting malicious scripts, CSRF ..read more
ShiftLeft Blog
2w ago
Introduction
Did you know that a simple website visit could put your personal information at risk? In this article, we explain how a common online threat called XSS can cause big problems and show you ways to keep your application secure.
What is Cross-Site Scripting (XSS)?
Cross-site scripting (XSS) is a significant web security vulnerability that enables attackers to inject malicious scripts into content that other users see. This type of attack exploits a user’s trust in a particular site, allowing the attacker to send malicious code to an unsuspecting user through the web applicatio ..read more