Deep technical analysis on application security, static analysis, and DevSecOps from the GraphNode research team.
Pattern matching catches the obvious bugs. But real vulnerabilities hide in the flow of data across method boundaries, class hierarchies, and module interfaces. Here's why taint propagation analysis remains the most reliable technique for finding injection vulnerabilities at scale.
Read Full ArticleOn January 24, 2024, Jenkins published an advisory for CVE-2024-23897. Real vulnerable to fixed code in Node and Python, with the attack patterns that still ship in 2026.
Read ArticleTwo XSS variants, two detection profiles. eBay 2014 stored XSS as the anchor, with code examples in PHP, Express, and Flask.
Read ArticleThe Capital One 2019 story, AWS metadata service exploitation, and IMDSv2. Vulnerable Python and Node examples plus the modern fix.
Read ArticlePortSwigger 2015 named the category. CVE-2022-22954 VMware proved it still ships at scale. Vulnerable Flask and FreeMarker examples.
Read ArticleReginaldo Silva's $33,500 Facebook bounty as the anchor. Python lxml and Java DocumentBuilder vulnerable plus fixed.
Read Articlelodash CVE-2019-10744 made the category mainstream. Express deep-merge gadget shown vulnerable then fixed with null-prototype guards.
Read ArticleTim McLean's 2015 disclosure named the category. CVE-2022-21449 added a new way to forge ECDSA. Node and Python verify code examples.
Read ArticlePen Test Partners' 2021 Peloton API disclosure as the anchor. Express and Django vulnerable plus fixed handlers, plus the OWASP API1:2023 BOLA framing.
Read ArticleThe dollar-ne null auth bypass is six characters wide. Mongoose login, raw query passthrough, and dollar-where execution shown vulnerable plus fixed.
Read ArticleGitLab CVE-2021-22205 as the opener — ExifTool RCE via image upload. Python subprocess and Node exec vulnerable plus fixed examples.
Read ArticleAutomated dynamic scanning and manual penetration testing solve different problems. The trick is sequencing them correctly so you catch business-logic flaws and regression bugs without burning your testing budget.
Read ArticlePronounced "salsa", the SLSA framework defines four levels of supply chain integrity. Here's what each level requires and how to actually achieve Level 2 in a real CI pipeline.
Read ArticleMisconfigured S3 buckets, exposed Kubernetes admin endpoints, and IAM "Action: *" policies cause more cloud breaches than zero-days. IaC scanning catches them before deployment.
Read ArticleStatic and dynamic analysis test different aspects of your application. Understanding when and how to use each approach -- and why SAST catches what DAST cannot -- is essential for building a complete security testing strategy.
Read ArticleThe biggest objection to shift-left security? "It slows us down." This is a solvable problem. Incremental scanning, baseline management, and smart quality gates let you enforce security standards without blocking every pull request.
Read ArticleYour project has 50 direct dependencies. But those pull in 400+ transitive packages you never explicitly chose. Log4Shell proved that a single vulnerability buried four layers deep can compromise everything. Here's how to get visibility into your full dependency tree.
Read ArticleA SAST tool that reports 500 findings per scan is useless if 400 of them are false positives. Advanced techniques like interprocedural analysis, sanitization detection, and context-aware taint tracking are what separate actionable results from noise.
Read ArticleGet the latest security research, technical deep dives, and best practices delivered to your inbox.
