guisso.dev - security

guisso.dev - securityThis page is also an RSS feed. Subscribe to follow only the posts tagged security.https://guisso.dev/en//en/CVE-2024-29041 only works on Safari?https://guisso.dev/en/blog/cve-2024-29041-browser-parsers/https://guisso.dev/en/blog/cve-2024-29041-browser-parsers/Digging into the Chromium and Firefox source code to understand why the payload navigates to the malicious host on Safari but not on other browsers.Mon, 02 Mar 2026 13:00:00 GMTCVEExpress.jsAppSecSecurityBrowserNode.jsExpress.js Open Redirecthttps://guisso.dev/en/blog/cve-2024-29041-express-open-redirect/https://guisso.dev/en/blog/cve-2024-29041-express-open-redirect/How a backslash in a URL bypasses allowlists and fools the browser. A full breakdown of CVE-2024-29041 in Express.js with an interactive demo.Thu, 26 Feb 2026 13:00:00 GMTCVEExpress.jsAppSecSecurityNode.jsCursor Rules and Secure Code Reviewhttps://guisso.dev/en/blog/secure-review-cursor-rules/https://guisso.dev/en/blog/secure-review-cursor-rules/How to use Cursor Rules and checklists adapted to the project context to optimize security reviews in modern applications.Tue, 26 Aug 2025 00:00:00 GMTsecuritycode-review"cursorappsecTop 5 Rust Vulnerabilities Created with AIhttps://guisso.dev/en/blog/top-5-rust/https://guisso.dev/en/blog/top-5-rust/Summary of the 5 most common vulnerabilities in Rust applications, generated with AI support and based on RustSec data.Tue, 10 Jun 2025 00:00:00 GMTrustsecuritydevsecopsappsecCreating KPIs for an AppSec Programhttps://guisso.dev/en/blog/appsec-kpi/https://guisso.dev/en/blog/appsec-kpi/I share here my experiences and learnings about creating KPIs for application security, without magic formulas, but with practical insights that can help other professionals in the field.Thu, 30 Jan 2025 00:00:00 GMTsecurityKPIappsecSecurity for Developershttps://guisso.dev/en/blog/sec-dev-book/https://guisso.dev/en/blog/sec-dev-book/In 2020, I started developing a book about security for developers, inspired by other authors and aiming to help the community naturally incorporate security into the daily development workflow.Sun, 24 Nov 2024 13:44:55 GMTsecuritybookdevsecappseceBPF in Actionhttps://guisso.dev/en/blog/ebpf-and-security/https://guisso.dev/en/blog/ebpf-and-security/In this post, we’ll explore what eBPF is, why it’s ideal for Kubernetes clusters, and how it powers security and observability tools in DevOps.Fri, 08 Nov 2024 17:12:56 GMTebpfsecuritydevsecopsk8skubernetesThreat Modeling Express: a fast starthttps://guisso.dev/en/blog/threat-modeling-intro/https://guisso.dev/en/blog/threat-modeling-intro/How to engage the team, map critical assets, and ship controls quickly with Threat Modeling Express.Sat, 28 Sep 2024 10:29:47 GMTThreat ModelingSecurityDevSecOps