It’s never enough

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.

Top ten vulnerabilities that threaten your API, how to identify them, and how to prevent them

You’ve probably heard of the OWASP Top Ten, the list of the ten most critical security risks to web applications. OWASP also periodically publishes a companion list for APIs, the OWASP API Security Top Ten.

The current API top ten are Broken Object Level Authorization, Broken User Authentication, Excessive…
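The first entry on that list, Broken Object Level Authorization (BOLA), is the easiest to show in code. The example below is added here and is not code from the original article: a vulnerable order-lookup handler beside a fixed one, plus the check a reviewer would run to identify the flaw. The in-memory data store, the user and order identifiers, and the request shape are all constructed for this demo.

```python
"""Added example (not from the original article): OWASP API Top Ten #1,
Broken Object Level Authorization, as a vulnerable handler beside a fixed
one. ORDERS, the user names and the Request shape are constructed data."""
from dataclasses import dataclass

# Constructed sample data: orders owned by two different users.
ORDERS = {
    101: {"owner": "alice", "total": 42.0},
    102: {"owner": "bob", "total": 99.5},
}


@dataclass
class Request:
    user: str       # authenticated caller; assume authentication already passed
    order_id: int   # object identifier supplied by the client


class Forbidden(Exception):
    pass


def get_order_vulnerable(req: Request) -> dict:
    """BOLA: the user is authenticated, but the handler never checks that the
    requested object belongs to them, so any logged-in user can read any
    order just by changing order_id."""
    return ORDERS[req.order_id]


def get_order_fixed(req: Request) -> dict:
    """Object-level authorization: fetch the object, then verify the caller is
    allowed to access *this* object before returning it. The same error is
    raised for 'missing' and 'not yours' so the endpoint does not leak which
    IDs exist."""
    order = ORDERS.get(req.order_id)
    if order is None or order["owner"] != req.user:
        raise Forbidden(f"order {req.order_id} not accessible to {req.user}")
    return order


def probe(handler, user: str, ids) -> list:
    """Identify BOLA the way a tester would: as `user`, request every candidate
    id and report which ones come back. A correct handler returns only the
    caller's own objects."""
    readable = []
    for oid in ids:
        try:
            handler(Request(user=user, order_id=oid))
            readable.append(oid)
        except (Forbidden, KeyError):
            pass
    return readable


if __name__ == "__main__":
    candidates = [101, 102, 103]
    print("vulnerable handler, as alice:", probe(get_order_vulnerable, "alice", candidates))
    print("fixed handler, as alice:     ", probe(get_order_fixed, "alice", candidates))
```

The probe is the whole detection technique: authenticate as one user, enumerate identifiers that should belong to someone else, and see what the API returns. The fix is not input validation but an ownership (or policy) check performed after the object is loaded and before it is returned.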

Longer than you thought


And four principles for securing your organization’s information including your source code and supply chain


Twitch, a popular live video streaming service, was breached last week. Last Wednesday, an anonymous individual published a file online containing the entirety of twitch.tv’s source code, information about Twitch’s internal services and development tools, penetration testing reports and tools, and payouts to prominent Twitch streamers. …

Getting started with a source code review using ShiftLeft CORE


Performing a source code review is one of the best ways to find security issues in an application. But how do you do it? In this guide, we’ll go through the basics of code analysis and some tips for performing a security code review on your application.

Before you start…
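The core idea behind a security code review tool is tracing data from an attacker-controlled source to a dangerous sink and checking whether a sanitizer sits in between. The example below is added here; it is not code from the original article and not ShiftLeft’s implementation. It is a deliberately small source-to-sink analysis over a Python abstract syntax tree: the source, sink and sanitizer lists and the sample program it scans are constructed for the demo, and the tracker is intra-procedural and flow-insensitive, which is enough to show the technique but not to replace a real analyzer.

```python
"""Added example (not from the original article, not ShiftLeft's code): a
minimal source-to-sink taint analysis over a Python AST. SOURCES, SINKS,
SANITIZERS and SAMPLE are constructed for this demo."""
import ast

# Constructed: calls whose results are attacker-controlled ...
SOURCES = {"input", "request.args.get"}
# ... sinks that must never receive unsanitized attacker data ...
SINKS = {"os.system", "subprocess.call", "eval"}
# ... and calls whose output we treat as safe for those sinks.
SANITIZERS = {"shlex.quote"}


def dotted_name(node):
    """Render a call target such as `os.system` or `request.args.get`."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintTracker(ast.NodeVisitor):
    """Propagates taint through simple assignments, concatenation and
    f-strings inside one module; reports sink calls fed by tainted data."""

    def __init__(self):
        self.tainted = set()   # variable names currently holding attacker data
        self.findings = []     # (sink name, line number) pairs

    def is_tainted(self, expr) -> bool:
        if isinstance(expr, ast.Name):
            return expr.id in self.tainted
        if isinstance(expr, ast.Call):
            name = dotted_name(expr.func)
            if name in SOURCES:
                return True
            if name in SANITIZERS:
                return False            # sanitizer output is trusted
            return any(self.is_tainted(a) for a in expr.args)
        if isinstance(expr, (ast.BinOp, ast.JoinedStr)):
            # "a" + b and f"{b}" are tainted if any part is
            return any(self.is_tainted(c) for c in ast.iter_child_nodes(expr))
        if isinstance(expr, ast.FormattedValue):
            return self.is_tainted(expr.value)
        return False

    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name):
                if self.is_tainted(node.value):
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)   # reassigned to clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted_name(node.func)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((name, node.lineno))
        self.generic_visit(node)


def find_taint_flows(source_code: str):
    """Return (sink, line) for every sink call reached by tainted data."""
    tracker = TaintTracker()
    tracker.visit(ast.parse(source_code))
    return tracker.findings


# Constructed program under review: one real flaw, one sanitized call,
# one constant command. Line 1 of the string is the empty line after '''.
SAMPLE = '''
import os, shlex
host = input("host: ")
cmd = "ping -c 1 " + host
os.system(cmd)
safe = shlex.quote(host)
os.system("ping -c 1 " + safe)
os.system("uptime")
'''

if __name__ == "__main__":
    for sink, line in find_taint_flows(SAMPLE):
        print(f"tainted data reaches {sink} at line {line}")
```

When reviewing real code, the same three questions drive the manual process: where does untrusted input enter, which calls can do damage if they receive it, and is there a sanitizer or validation step on every path between the two. Tools differ mainly in how precisely they answer the third question across functions, files and frameworks.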

Not much to add


How logging and monitoring prevent damage to an application and its users



Sources and Sinks interviews security conference veteran Magno Logan


If you’ve been to a security event before, you know what a great experience it is to meet fellow hackers and security folks and to learn about new ideas. But what goes into running a security conference?

Today on Sources and Sinks, I interview Magno, the founder of the OWASP Paraíba…

Using the Software Development Life Cycle (SDLC) as a model to secure your application


If you are into building software, you’ve probably heard of the software development life cycle (SDLC). The SDLC describes the five stages of application development: the requirements phase, the design phase, the coding phase, the testing phase, and the release phase.

Teach yourself computer science, cybersecurity, or anything, really


Recently, a lot of you have been reaching out to me asking how you can get started in the infosec industry. You asked me what kind of skills you need, what type of certificates you should get, and which programming languages you should learn. …

Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7
