CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...
Security Boulevard

Understanding Implicit Identity Authentication Methods

A deep dive into implicit identity authentication methods for software development, covering oauth 2.0 flows, security risks, and modern alternatives for single-page applications.
Security Boulevard

How to Implement Multi-User Testing in DAST: Real-World Examples

Discover how to test for multi-user vulnerabilities. Four real-world examples of tenant isolation, consolidated testing, and ...
Cloud Security Alliance

AWS Ends SSE-C Encryption, and a Ransomware Vector

SSE-C stands (well, stood) for “Server Side Encryption- Customer-provided keys”. It allowed you to provide an encryption key ...