This page is also an RSS feed. Subscribe to follow only the posts tagged AppSec.https://guisso.dev/en//en/https://guisso.dev/en/blog/cve-2024-29041-browser-parsers/https://guisso.dev/en/blog/cve-2024-29041-browser-parsers/Digging into the Chromium and Firefox source code to understand why the payload navigates to the malicious host on Safari but not on other browsers.Mon, 02 Mar 2026 13:00:00 GMTCVEExpress.jsAppSecSecurityBrowserNode.jshttps://guisso.dev/en/blog/cve-2024-29041-express-open-redirect/https://guisso.dev/en/blog/cve-2024-29041-express-open-redirect/How a backslash in a URL bypasses allowlists and fools the browser. A full breakdown of CVE-2024-29041 in Express.js with an interactive demo.Thu, 26 Feb 2026 13:00:00 GMTCVEExpress.jsAppSecSecurityNode.jshttps://guisso.dev/en/blog/owasp-top10-2025-details/https://guisso.dev/en/blog/owasp-top10-2025-details/Top 10:2025 is not just a list. It reflects how misconfigurations, supply chain, exception handling, and operational failures are breaking real businesses.Tue, 10 Feb 2026 15:00:00 GMTowasptop10appsechttps://guisso.dev/en/blog/secure-review-cursor-rules/https://guisso.dev/en/blog/secure-review-cursor-rules/How to use Cursor Rules and checklists adapted to the project context to optimize security reviews in modern applications.Tue, 26 Aug 2025 00:00:00 GMTsecuritycode-review"cursorappsechttps://guisso.dev/en/blog/top-5-rust/https://guisso.dev/en/blog/top-5-rust/Summary of the 5 most common vulnerabilities in Rust applications, generated with AI support and based on RustSec data.Tue, 10 Jun 2025 00:00:00 GMTrustsecuritydevsecopsappsechttps://guisso.dev/en/blog/appsec-kpi/https://guisso.dev/en/blog/appsec-kpi/I share here my experiences and learnings about creating KPIs for application security, without magic formulas, but with practical insights that can help other professionals in the field.Thu, 30 Jan 2025 00:00:00 GMTsecurityKPIappsechttps://guisso.dev/en/blog/sec-dev-book/https://guisso.dev/en/blog/sec-dev-book/In 2020, I started developing a book about security for developers, inspired by other authors and aiming to help the community naturally incorporate security into the daily development workflow.Sun, 24 Nov 2024 13:44:55 GMTsecuritybookdevsecappsechttps://guisso.dev/en/blog/python-injection/https://guisso.dev/en/blog/python-injection/Demonstration of a Telegram bot made in Python with injection vulnerabilitySat, 23 Mar 2024 13:42:45 GMTowaspappsecpythoninjectionenhttps://guisso.dev/en/blog/devsec-links-2/https://guisso.dev/en/blog/devsec-links-2/Interesting links on the topic of secure development.Fri, 01 Dec 2023 12:45:33 GMTDevSecAppSecLinkssecretsci/cdchatgptcopilothttps://guisso.dev/en/blog/devsec-links-10/https://guisso.dev/en/blog/devsec-links-10/Interesting links on the topic of secure development.Wed, 01 Nov 2023 12:45:33 GMTDevSecAppSecLinksoauthpostmanoktagithttps://guisso.dev/en/blog/devsec-links-9/https://guisso.dev/en/blog/devsec-links-9/Interesting links on the topic of secure development.Sun, 01 Oct 2023 12:45:33 GMTDevSecAppSecLinkspypinpmopenapiapiimdshttps://guisso.dev/en/blog/devsec-links-8/https://guisso.dev/en/blog/devsec-links-8/Interesting links on the topic of secure development.Fri, 01 Sep 2023 12:45:33 GMTDevSecAppSecLinksgcpdefconci/cdsecretshttps://guisso.dev/en/blog/devsec-links-7/https://guisso.dev/en/blog/devsec-links-7/Interesting links on the topic of secure development.Tue, 01 Aug 2023 12:45:33 GMTDevSecAppSecLinksslsacsrfcorsapicsphttps://guisso.dev/en/blog/devsec-links-6/https://guisso.dev/en/blog/devsec-links-6/Interesting links on the topic of secure development.Sat, 01 Jul 2023 12:45:33 GMTDevSecAppSecLinksslsasupply chainapiauthterraformhttps://guisso.dev/en/blog/devsec-links-5/https://guisso.dev/en/blog/devsec-links-5/Interesting links on the topic of secure development.Thu, 01 Jun 2023 12:45:33 GMTDevSecAppSecLinkskeycloakgcps3redosransomwarehttps://guisso.dev/en/blog/devsec-links-4/https://guisso.dev/en/blog/devsec-links-4/Interesting links on the topic of secure development.Mon, 01 May 2023 12:45:33 GMTDevSecAppSecLinksgolangoidclambdaredoshttps://guisso.dev/en/blog/devsec-links-3/https://guisso.dev/en/blog/devsec-links-3/Interesting links on the topic of secure development.Sat, 01 Apr 2023 12:45:33 GMTDevSecAppSecLinksoauthoidcpasswordlessiamterraformhttps://guisso.dev/en/blog/devsec-links-1/https://guisso.dev/en/blog/devsec-links-1/Interesting links on the topic of secure development.Wed, 01 Mar 2023 12:45:33 GMTDevSecAppSecLinkschatgptapicorstlsgitsecretshttps://guisso.dev/en/blog/github-actions-recon/https://guisso.dev/en/blog/github-actions-recon/Demonstration of how to use Github Actions to automate a ReconWed, 16 Mar 2022 03:00:46 GMTowaspappsecreconenamassnaabunucleihttps://guisso.dev/en/blog/hacktoberfest-owasp/https://guisso.dev/en/blog/hacktoberfest-owasp/Quick guide to contribute to OWASP projects during Hacktoberfest and secure your PRs.Sat, 05 Oct 2019 14:26:27 GMTowaspappsechacktoberfesthttps://guisso.dev/en/blog/conhecendo-a-owasp/https://guisso.dev/en/blog/conhecendo-a-owasp/A brief introduction to OWASP and its projectsWed, 20 Mar 2019 23:42:45 GMTowaspappsecen