Security Journey's hi/5: Trojan Source Attacks, AppSec Things to Watch, AWS WAF's Dangerous Defaults and more

Update: 2022-01-27

Description

Protect your open source project from supply chain attacks - https://opensource.googleblog.com/2021/10/protect-your-open-source-project-from-supply-chain-attacks.html?m=1

The post walks through its supply chain security quiz (the questions, the answers, and the options for prevention) and can serve as a beginner's guide for anyone who wants to protect their open source project from supply chain attacks.

Trojan Source Attacks - https://trojansource.codes/

Some vulnerabilities are invisible: rather than inserting a logic bug that a reviewer could read, an adversary attacks the encoding of the source file itself. The attack embeds Unicode bidirectional (Bidi) override control characters in comments and string literals so that the characters are displayed in a different order from the one the compiler or interpreter parses. The rendered code still reads as intended while its logic has changed, which is why the defence is to reject these code points in source, at review time and in CI, rather than to rely on eyeballing diffs.
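As an added illustration (this is not code from the Trojan Source site or paper, and the sample source, file names and function names are my own constructions), the scanner below flags the nine Bidi control code points in a source file, prints the file in logical order with each control made visible, and runs a constructed sample modelled on the paper's "commenting-out" trick: an RLI inside a docstring makes a trailing `;return` render as part of the comment while the interpreter executes it.

```python
import sys
from typing import List, Tuple

# The Unicode bidirectional control characters that Trojan Source abuses.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(source: str) -> List[Tuple[int, int, str]]:
    """Return (line, column, name) for every bidi control in source, 1-based.

    Suitable as a pre-commit or CI gate: a non-empty result should fail the
    check, since these code points have no place in most source files.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, BIDI_CONTROLS[ch]))
    return hits


def reveal(source: str) -> str:
    """Rewrite source in logical order with each bidi control shown as <NAME>,
    i.e. what the compiler sees rather than what a bidi-aware editor renders."""
    return "".join(f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch
                   for ch in source)


# Constructed sample (not from the paper verbatim): an RLI (U+2067) inside the
# docstring. A bidi-aware editor renders line 3 roughly as
#     ''' Subtract funds from bank account then return; '''
# but in logical order the docstring closes before ";return", so the function
# returns before it ever touches the balance.
TROJAN_SOURCE = (
    "bank = {'alice': 100}\n"
    "def subtract_funds(account, amount):\n"
    "    ''' Subtract funds from bank account then \u2067''' ;return\n"
    "    bank[account] -= amount\n"
    "subtract_funds('alice', 50)\n"
)


def run_sample(source: str) -> int:
    """Execute the sample and report alice's balance. 100 means the hidden
    early return fired and no funds were subtracted."""
    namespace = {}
    exec(source, namespace)
    return namespace["bank"]["alice"]


def main(paths: List[str]) -> int:
    """With no arguments, demonstrate on the built-in sample; otherwise scan
    the given files and return non-zero if any contains a bidi control."""
    if not paths:
        print(reveal(TROJAN_SOURCE))
        print("balance after subtract_funds('alice', 50):", run_sample(TROJAN_SOURCE))
        paths_hits = find_bidi_controls(TROJAN_SOURCE)
        for lineno, col, name in paths_hits:
            print(f"<sample>:{lineno}:{col}: bidi control {name}")
        return 1 if paths_hits else 0
    bad = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for lineno, col, name in find_bidi_controls(fh.read()):
                print(f"{path}:{lineno}:{col}: bidi control {name}")
                bad += 1
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with no arguments to see the sample in logical order and the untouched balance, or point it at a tree of source files from a pre-commit hook; a hit is a hard failure, not a warning, because a legitimate use of these controls outside of a localisation resource file is rare enough to justify an explicit allow-list.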

An Opinionated Guide on How to Reverse Engineer Software, Part 1 - https://margin.re/media/an-opinionated-guide-on-how-to-reverse-engineer-software-part-1.aspx

"This is an opinionated guide. After 12 years of reverse engineering professionally, I have developed strong beliefs on how to get good at RE."

AppSec Things to Watch in 2022 - https://www.securityjourney.com/post/appsec-things-to-watch-in-2022

It’s that time of the year again when everyone under the sun comes up with predictions. We’re not fans of predictions, so instead, we give you Security Journey’s Application Security Things to Watch in 2022.

AWS WAF's Dangerous Defaults - https://osamaelnaggar.com/blog/aws_waf_dangerous_defaults/

AWS WAF inspects only the first 8 KB of a request body. Any malicious payload that starts after that boundary in a POST request bypasses your WAF entirely unless you have explicitly added a rule that blocks (or at least counts) POST requests whose body is larger than 8 KB. Even the simplest SQL injection, the legendary '1=1', can fly right by.
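To make the failure mode concrete, here is an added example (my own code, not from the linked post or from AWS) that simulates a signature rule which only ever sees the first 8 KB of the body, shows a padded payload slipping past it, and builds the WAFv2 size-constraint rule that closes the gap. The SQLi regex is a deliberately crude stand-in for AWS WAF's own engine, and the rule name, body layout and field names in the attacker payload are assumptions.

```python
import re
from typing import Dict, Optional

# AWS WAF evaluates at most the first 8 KB (8,192 bytes) of a request body.
INSPECTED_BODY_BYTES = 8192

# Crude stand-in for a SQL-injection signature. AWS WAF's own detection is more
# involved; the inspection window, not the signature, is the point here.
SQLI_SIGNATURE = re.compile(rb"(?i)\bor\b\s+1\s*=\s*1|union\s+select")


def signature_verdict(body: bytes, window: int = INSPECTED_BODY_BYTES) -> Optional[str]:
    """Mimic a rule that only ever sees the first `window` bytes of the body."""
    return "BLOCK" if SQLI_SIGNATURE.search(body[:window]) else None


def oversize_body_rule(limit: int = INSPECTED_BODY_BYTES, priority: int = 0) -> Dict:
    """A WAFv2 rule, in the JSON shape used by the `Rules` list of
    CreateWebACL / UpdateWebACL, that blocks any request whose body is larger
    than `limit` bytes. Give it a low priority number so it is evaluated before
    the signature rules whose 8 KB window it protects."""
    return {
        "Name": "BlockOversizeBody",  # assumed name
        "Priority": priority,
        "Action": {"Block": {}},
        "Statement": {
            "SizeConstraintStatement": {
                "FieldToMatch": {"Body": {}},
                "ComparisonOperator": "GT",
                "Size": limit,
                "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
            }
        },
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": "BlockOversizeBody",
        },
    }


def evaluate(body: bytes, size_limit: Optional[int] = None) -> str:
    """Evaluate a body the way the web ACL would: the size-constraint rule
    (when configured) first, then the signature rule on its 8 KB window."""
    if size_limit is not None and len(body) > size_limit:
        return "BLOCK"
    return signature_verdict(body) or "ALLOW"


def bypass_payload(padding: int = INSPECTED_BODY_BYTES) -> bytes:
    """Constructed attacker body: a junk form field that pushes the injection
    past the inspected window, followed by the injection itself."""
    return b"comment=" + b"A" * padding + b"&id=1 OR 1=1"


if __name__ == "__main__":
    plain = b"id=1 OR 1=1"
    padded = bypass_payload()
    print("plain payload, no size rule  :", evaluate(plain))
    print("padded payload, no size rule :", evaluate(padded))
    print("padded payload, size rule    :", evaluate(padded, INSPECTED_BODY_BYTES))
```

The trade-off is that a blanket size rule also rejects legitimate large bodies, so scope it with a path or method condition and route genuine uploads through an endpoint that does not depend on body inspection. Counting rather than blocking for a week first tells you how much traffic you would otherwise lose.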



Security Journey