What are Command Injection vulnerabilities?

How command injection vulnerabilities allow attackers to take over your machine, and how you can prevent these vulnerabilities.
Command injection vulnerabilities are probably one of the most dangerous vulnerabilit…

API Security 101: Mass Assignment

With one click, you are the admin: Mass assignments and their threats to API data integrity.
You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically …

API Security 101: Broken Function Level Authorization

“Who can do what?” is still the biggest issue facing APIs.
We are increasingly relying on APIs to power our applications. In this API Security 101 series, let’s discuss the security vulnerabilities that affect APIs, what …

API Security 101: Lack of Resources & Rate Limiting

Data, data, everywhere. How the lack of rate limiting contributes to severe security issues.
You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also perio…

API Security 101: Excessive Data Exposure

Hey, I found your access tokens on your profile page.
You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnera…

AppSec Conference: Shifting Left 2.0

Sessions to watch for developers and hackers
Here at ShiftLeft, we are gearing up for Shifting Left 2.0, a two-day application security conference for developers and security practitioners on June 22–23, 2021. It has …

Secure Developer Challenge May 2021

Thanks to everyone who submitted to the Secure Developer Challenge for May 2021!
For this month’s challenge (https://go.shiftleft.io/developer-challenge-05-2021), we asked you to identify which of these statements about HTTP security headers are false:…

Closing the Developer Security Skills Gap

How to help devs write code, learn security, and fight attackers
Securing software is friggin complicated.
Supply chain attacks, the OWASP top ten, ransomware, insider attacks, and plain old typos. As software develop…

Beating the OWASP Benchmark

Achieving a best-in-class OWASP Benchmark score with data and information flows
This post is an update to a previous research post authored by ShiftLeft’s Chief Scientist, Fabian Yamaguchi (https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b160…