HackCert

// field_notes

The Hackcert Blog

389 field-grade guides on offensive ops, blue-team detection, cloud security, AI red-teaming and more — written for engineers who ship.

Showing posts for tag: AppSec

Code Review: Methods for Identifying Hidden Bugs and Security Vulnerabilities in Source Code
Intermediate 12 min read

Discover the methodologies of secure code review, exploring how to detect injection flaws, business logic errors, and critical vulnerabilities before they reach production.

Rokibul Islam | AppSec | Cybersecurity | Intermediate

OWASP Top 10: Top 10 Web Application Security Vulnerabilities and How to Prevent Them!
Intermediate 8 min read

Master the OWASP Top 10 to understand the most critical web application security risks and learn the essential coding practices required to secure your software.

Imran Hossain Chowdhury | Web Security | AppSec | Intermediate

SBOM Management: Securing the Software Supply Chain with a Comprehensive Inventory of Third-Party Components
Beginner 8 min read

Learn the fundamentals of Software Bill of Materials (SBOM) management and why tracking third-party dependencies is essential for securing modern software supply chains.

Abdullah Al Mamun | Supply Chain Security | AppSec | Beginner

Secrets Management: Securely Storing API Keys, Passwords, and Sensitive Data
Beginner 8 min read

Learn the fundamentals of Secrets Management and discover the best practices for protecting API keys and credentials in modern software development.

Rokibul Islam | AppSec | Secrets Management | Beginner

Threat Modeling: The Architectural Framework for Identifying Security Risks Early
Advanced 9 min read

Learn the advanced principles of threat modeling, an architectural framework used in the Software Development Life Cycle to proactively identify and mitigate security risks before writing code.

Rokibul Islam | Threat Modeling | AppSec | Advanced

A Practical Guide to GraphQL Security
Intermediate 10 min read

Secure GraphQL APIs against introspection abuse, query complexity attacks, broken authorization, and the unique pitfalls of resolver design.

Rania Imran Qadri | GraphQL Security | API Security | AppSec

A Practical Guide to Mobile App Security
Intermediate 10 min read

End-to-end mobile app security: secure storage, transport, authentication, anti-tampering, and the OWASP MASVS standards.

Rania Imran Qadri | Mobile App Security | OWASP MASVS | AppSec

Intro to Web Application Security Basics
Beginner 9 min read

Learn the fundamentals of web application security, the OWASP Top 10, common attack patterns, and defenses every developer and beginner should know.

Imran Khalid Mirza | Web Application Security | AppSec | OWASP

A Practical Guide to Secure Code Review
Intermediate 10 min read

Conduct effective secure code reviews: scope, hotspot identification, common bug classes, tooling, and feedback that developers will act on.

Omar Farooq Sheikh | Secure Code Review | AppSec | DevSecOps