Vickie Li – Page 2 – WindowsTechs.com

Beating the OWASP Benchmark

Posted on May 20, 2021 by Vickie Li

This post is an update to a previous research post authored by ShiftLeft’s Chief Scientist, Fabian Yamaguchi (https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b1601031). In the last article, he evaluated ShiftLeft’s static analysis tool agains… Continue reading Beating the OWASP Benchmark→

What is the Same-Origin Policy?

Posted on May 19, 2021 by Vickie Li

Building a safer Internet with the SOP for developers.
Photo by Kelly Sikkema on Unsplash
In one sentence, the Same-Origin Policy is this: A script from one page can only access data from another page if they have the same origin.
Good cookies, bad coo… Continue reading What is the Same-Origin Policy?→

ShiftLeft @ RSA

Posted on May 10, 2021 by Vickie Li

Hunt bugs, detect malware, and win some snacks!
Are you going to the RSA conference coming up on May 17th to 20th? If so, come join us in talks, workshops, and our developer challenge! Here’s what we are up to at RSA and RSA DevOpsConnect.
Photo by Ada… Continue reading ShiftLeft @ RSA→

Intro to the Content Security Policy (CSP)

Posted on May 4, 2021 by Vickie Li

What you need to know about CSP, a fundamental defense mechanism of the Internet.
Photo by Florian Olivo on Unsplash
There are many decisions that go into the process of creating a secure website. One of these decisions is selecting which HTTP security… Continue reading Intro to the Content Security Policy (CSP)→

Managing Open Source Vulnerabilities

Posted on April 26, 2021 by Vickie Li

When you test your code, are you really testing all of it?
Photo by Artem Sapegin on Unsplash
It seems impossible to write software without using open-source components. A single “import package” can mean thousands of lines of code added to an applicat… Continue reading Managing Open Source Vulnerabilities→

Detecting Sensitive Data Leaks That Matter

Posted on March 17, 2021 by Vickie Li

How to scan for PII leaks, credentials, and other sensitive data leaks using data flows.
Last time, I talked about the perils of leaving secrets in open-sourced code and how to detect those secrets using regex and entropy analysis.
Scanning for Secrets… Continue reading Detecting Sensitive Data Leaks That Matter→

Scanning for Secrets in Source Code

Posted on March 4, 2021 by Vickie Li

How to uncover leak secrets with regex + entropy analysis
Image is taken from https://twitter.com/DZoneInc/status/1361420207793659904.
As a developer, I admit that I’ve committed secrets to public Github repositories before. Hardcoded secrets have alwa… Continue reading Scanning for Secrets in Source Code→

Writing for the Web

Posted on February 19, 2021 by Vickie Li

A guide for writing better technical articles + blog posts
Photo by Andrew Neel on Unsplash
One of the questions I get the most in my Twitter DMs is “How do I write better technical blog posts”?
Technical writing is a specialist skill, and I am by no m… Continue reading Writing for the Web→

Preventing XXE in Java Applications

Posted on February 12, 2021 by Vickie Li

Impact, exploitation, and prevention of XML External Entity Vulnerabilities
Photo by Piotr Chrobot on Unsplash
Welcome back to AppSec simplified! In this tutorial, we are going to talk about how you can prevent XXEs in Java applications. If you are not… Continue reading Preventing XXE in Java Applications→

Detecting and Exploiting XXEs: AppSec Simplified

Posted on January 29, 2021 by Vickie Li

Finding XXE vulnerabilities in applications via code analysis
Welcome back to AppSec Simplified! Last time, we talked about the fascinating XXEs vulnerabilities and how they can affect your application. If you are not already familiar with XXEs, please… Continue reading Detecting and Exploiting XXEs: AppSec Simplified→