Securing Go Applications With SonarQube: Real-World Examples
Take a deep dive into some vulnerabilities in Go applications and understand how SonarQube Cloud helps developers detect and mitigate them during the development cycle.
Taking a note on security: our latest blog post focuses on Go vulnerabilities, including Arbitrary File Write, XSS, and Misconfiguration. Showcasing our new support for the language in SonarQube Cloud!
www.sonarsource.com/blog/securin...
#appsec #security #vulnerability
07.08.2025 14:44
Securing Kotlin Apps With SonarQube: Real-World Examples
Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.
Ever wondered what vulnerabilities look like in Android apps?
We have 2 real-world examples for you! From simple misconfig to cross-app data flow, learn how vulnerabilities manifest in the Kotlin code of Android apps:
www.sonarsource.com/blog/securin...
#appsec #security #vulnerability
16.07.2025 13:19
Catch our second talk at #TROOPERS25:
Caught in the FortiNet: Compromising Organizations Using Endpoint Protection
Yaniv Nizry will tell you the story of multiple vulnerabilities in Fortinet products that can compromise an entire organization, starting with a single click.
24.06.2025 08:31
Title: Scriptless Attacks: Why CSS is My Favorite Programming Language
Speaker: Paul Gerste, Vulnerability Researcher, Sonar
Date: Wednesday, June 25, 2025
Time: 2:15 pm
Location: Track 3
Coming to #TROOPERS25 this week? We'll be there too, presenting our research!
Scriptless Attacks: Why CSS is My Favorite Programming Language
@pspaul95.bsky.social will convince you why CSS should not be overlooked in client-side web attacks and what is possible without JavaScript today.
23.06.2025 10:57
Scripting Outside the Box: API Client Security Risks (2/2)
Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices.
Scripting Outside the Box!
Last week, we saw JS sandboxing pitfalls in API clients. Today, we continue with more complex sandbox escapes in Bruno and Hoppscotch.
Learn how they work and how to sandbox JS securely in part 2:
www.sonarsource.com/blog/scripti...
#appsec #security #vulnerability
20.05.2025 14:48
Scripting Outside the Box: API Client Security Risks (1/2)
Discover hidden risks in API testing tools like Postman and Insomnia. We dive into scripting vulnerabilities and explore JavaScript sandbox security pitfalls.
Ever wondered what's going on behind the scenes of your API client?
We dug in and found a variety of JS sandboxing pitfalls! Find out how Postman and Insomnia tried to isolate untrusted code and what challenges they faced:
www.sonarsource.com/blog/scripti...
#appsec #security #vulnerability
13.05.2025 15:09
Data in Danger: Detecting Cross-Site Scripting in Grafana
Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.
Data in danger!
We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
www.sonarsource.com/blog/data-in...
#appsec #security #vulnerability
24.04.2025 15:02
Our second part of the "Diving Into JumpServer" series is live:
Read more on how an attacker who bypassed authentication can execute code and fully compromise the JumpServer instance and internal hosts:
www.sonarsource.com/blog/diving-...
#appsec #security #vulnerability
25.03.2025 15:28