Do you know the difference? Test yourself in the Secure Developer Challenge.


SAST? DAST? SCA?

What’s up with the acronyms in the security world? In this developer challenge, let’s get to know the types of security tools we often hear about: SAST, DAST, and SCA, their pros and cons, as well as when to implement them into the development cycle. Learn about the differences between SAST, DAST, and SCA in our blog post here:

Match the following statements to a type of security tool. Do these statements apply to SAST, DAST, or SCA?

  1. Also called “Static Application Security Testing”.
  2. Best if run towards the end of the development lifecycle, and run in…


“Who can do what?” is still the biggest issue facing APIs.


We are increasingly relying on APIs to power our applications. In this API Security 101 series, let’s discuss the security vulnerabilities that affect APIs, what causes these vulnerabilities, and how to prevent them in your own applications.

You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The current API top ten are Broken Object Level Authorization, Broken User Authentication, Excessive Data Exposure, Lack of Resources & Rate Limiting, Broken Function Level Authorization, Mass…


Meet the Developers!

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.


Data, data, everywhere. How the lack of rate limiting contributes to severe security issues.


You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The current API top ten are Broken Object Level Authorization, Broken User Authentication, Excessive Data Exposure, Lack of Resources & Rate Limiting, Broken Function Level Authorization, Mass Assignment, Security Misconfiguration, Injection, Improper Assets Management, and Insufficient Logging & Monitoring.

Many of these vulnerabilities affect application components besides APIs as well, but they tend to manifest themselves in APIs. Last time, we talked about a…


XSS, RCE, SQL injection. Diving into the root of injection vulnerabilities.


What do SQL injections, command injections, and cross-site scripting have in common? The answer is that they are all injection vulnerabilities!

Lately, I have been thinking a lot about how to teach security. Something I think is really important when learning about security is understanding the fundamentals of why something is happening. So instead of learning about a single technique or vulnerability class, you want to understand the underlying mechanisms that cause these issues and why a certain attack works the way it does.

The fundamentals of injections

Injection issues are super common. They are the underlying issue for a huge…


Dating 101

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.


Hey, I found your access tokens on your profile page.


Many of these vulnerabilities affect application components besides APIs as well, but they tend to manifest themselves in APIs. Last time, we talked about broken…


No Time For Love

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.


How attackers hack API authentication. Are you who you say you are?


Many of these vulnerabilities affect application components besides APIs, but they tend to manifest themselves in APIs. …


The eternal struggles of Dev Life

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.

Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7
