Modeling DoS attacks through attacker leverage
Video from meetup hosted on August 26th
How we’re making Sempgrep patterns more precise with type support
Avoid accidental HTML injection when sending emails from an application
Examining 2,000+ npm modules for common mistakes when using JWT
Injection using the HTTP verb in Django
Video from the Bay Area OWASP Meetup on May 21
Semgrep is an open-source tool that is like a code-aware grep
An inside look at writing program analysis using Semgrep
The creator of Django on preventing SQL injection
Video from Hella Secure’s virtual AppSec conference, HellaConf
Video from the Silicon Valley Cyber Security Meetup on April 9
Improving regular expression denial-of-service detection
Material from the presentation at the SF Python Virtual Meetup
A check for the Requests library to detect credentials sent over HTTP
Catch a high-severity Python vuln and new checks for Jinja templates
Find severe regular expression denial-of-service bugs in Python using Bento
Automating regular expression denial-of-service detection
Changes to Bento’s default behavior integrate it more smoothly into your workflow
Our learnings from user feedback and how to use Bento individually and on teams
Check for missing authorization decorators in apps using JWTs
Detect possible XSS in unescaped Jinja templates used in Flask
Find use of json.dumps() in Flask where jsonify() should be used instead
Ensure cookie settings are set securely in Flask
Bento check to detect if send_file() will throw an exception
Introducing Bento, a free and opinionated toolkit for easily adopting linters and program analysis in a codebase
How we’ve curated our code checks in Bento
Material from our DEF CON workshop on finding vulnerabilities at ecosystem-scale
Our unique infrastructure leads to unique challenges related to how Docker interacts with filesystem permissions