DEV Community

# opensourcesecurity

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Ultralytics AI Pwn Request Supply Chain Attack

Ultralytics AI Pwn Request Supply Chain Attack

Comments
7 min read
If you don’t know about HTTP Archive’s Web Almanac yet, you should!

If you don’t know about HTTP Archive’s Web Almanac yet, you should!

Comments
3 min read
Understanding command injection vulnerabilities in Go

Understanding command injection vulnerabilities in Go

11
Comments 1
8 min read
The mysterious supply chain concern of string-width-cjs npm package

The mysterious supply chain concern of string-width-cjs npm package

Comments
7 min read
The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant

The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant

Comments
4 min read
Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

15
Comments
5 min read
Abusing Ubuntu 24.04 features for root privilege escalation

Abusing Ubuntu 24.04 features for root privilege escalation

2
Comments
24 min read
Vulnerabilities in NodeJS C/C++ add-on extensions

Vulnerabilities in NodeJS C/C++ add-on extensions

1
Comments
12 min read
Polyfill supply chain attack embeds malware in JavaScript CDN assets

Polyfill supply chain attack embeds malware in JavaScript CDN assets

212
Comments 6
5 min read
How to secure a REST API?

How to secure a REST API?

2
Comments
11 min read
Preventing broken access control in express Node.js applications

Preventing broken access control in express Node.js applications

5
Comments
12 min read
How to secure Python Flask applications

How to secure Python Flask applications

27
Comments
17 min read
How to install Java on macOS

How to install Java on macOS

1
Comments
12 min read
Symmetric vs. asymmetric encryption: Practical Python examples

Symmetric vs. asymmetric encryption: Practical Python examples

3
Comments
16 min read
The ultimate guide to creating a secure Python package

The ultimate guide to creating a secure Python package

17
Comments 3
15 min read
Building an npm package compatible with ESM and CJS in 2024

Building an npm package compatible with ESM and CJS in 2024

25
Comments 4
4 min read
Exploiting HTTP/2 CONTINUATION frames for DoS attacks

Exploiting HTTP/2 CONTINUATION frames for DoS attacks

2
Comments
4 min read
GitHub “besieged” by malware repositories and repo confusion: Why you'll be ok

GitHub “besieged” by malware repositories and repo confusion: Why you'll be ok

4
Comments 1
8 min read
Preventing server-side request forgery in Node.js applications

Preventing server-side request forgery in Node.js applications

6
Comments
8 min read
10 GitHub Security Best Practices

10 GitHub Security Best Practices

3
Comments
14 min read
7 tips to become a successful bug bounty hunter

7 tips to become a successful bug bounty hunter

18
Comments 1
5 min read
Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195)

Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195)

6
Comments
5 min read
Handling security vulnerabilities in Spring Boot

Handling security vulnerabilities in Spring Boot

5
Comments 2
6 min read
Dependency injection in Python

Dependency injection in Python

4
Comments
12 min read
The art of conditional rendering: Tips and tricks for React and Next.js developers

The art of conditional rendering: Tips and tricks for React and Next.js developers

8
Comments 2
11 min read
How to update cURL

How to update cURL

7
Comments
8 min read
Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem

Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem

1
Comments
9 min read
How to implement SSL/TLS pinning in Node.js

How to implement SSL/TLS pinning in Node.js

4
Comments
9 min read
Streamline dependency updates with Mergify and Snyk

Streamline dependency updates with Mergify and Snyk

1
Comments
7 min read
.NET developers alert: Moq NuGET package exfiltrates user emails from git

.NET developers alert: Moq NuGET package exfiltrates user emails from git

7
Comments
4 min read
The importance of verifying webhook signatures

The importance of verifying webhook signatures

Comments
8 min read
Finding and fixing insecure direct object references in Python

Finding and fixing insecure direct object references in Python

1
Comments
6 min read
Session management security: Best practices for protecting user sessions

Session management security: Best practices for protecting user sessions

4
Comments
11 min read
Using insecure npm package manager defaults to steal your macOS keyboard shortcuts

Using insecure npm package manager defaults to steal your macOS keyboard shortcuts

Comments
5 min read
SnakeYaml 2.0: Solving the unsafe deserialization vulnerability

SnakeYaml 2.0: Solving the unsafe deserialization vulnerability

3
Comments
5 min read
Top 8 penetration testing tools

Top 8 penetration testing tools

7
Comments 2
5 min read
How to generate an SBOM for JavaScript and Node.js applications

How to generate an SBOM for JavaScript and Node.js applications

4
Comments
11 min read
The npm faker package and the unexpected demise of open source libraries

The npm faker package and the unexpected demise of open source libraries

9
Comments
10 min read
loading...