Websec Cybersecurity Blog

Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.

Blog October 3, 2023

A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation

In Unix-like systems, each process has a real user ID and an effective user ID, which determine its access permissions. The two are usually identical, but they can differ, for example when the setuid bit is set on an executable.

Blog August 29, 2022

Websec DevSecOps Webinar

Roberto Salgado and Kobalt.io's Miki Fukushima are hosting a free webinar on September 20, 2022 covering why application security matters, the shift to developer-first security, and a practical roadmap for embedding security into DevSecOps.

Blog May 19, 2022

CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL

How CodeQL may help reduce false negatives in open-source projects: a look at a deserialization vulnerability in Oracle Helidon (CVE-2022-21404).

Blog November 29, 2021

The Websec Secure Web Application Development (SWAD) Training Course

An introduction to Websec's Secure Web Application Development training course, covering the curriculum, target audience, and how the interactive lectures and quizzes help engineering teams ship more secure code.

Blog September 20, 2021

The CyberSecure Canada Certification - What Is It? Is It Right For You?

Discussing the Government of Canada's CyberSecure Canada standard for small and medium-sized organizations. What does it cover and why should organizations get certified? How can Websec help you get certified?

Blog September 2, 2021

Cybersecurity in Web Applications - Where to start? Where to improve? Where to learn more?

A curated guide to web application security resources organised by experience level, from getting started with the basics to advanced training and specialised tooling, with short notes on what each resource covers and when to reach for it.