Secure Coding

What is Security Code Review and Secure Coding? How important is it? Are Security Code Review and Secure Coding part of your Application Security program?

Security Code Review

Code Review is a process in which a person (usually an Application Security Engineer or another developer) reviews all or part of the code written by another developer. Security Code Review is a Code Review that specifically attempts to find security-related weaknesses in the code.

Secure Coding

Secure Coding is the practice of writing applications in a way that protects them against known vulnerabilities.

How to implement Security Code Review

It mostly depends on the company! Manual code review is time-consuming, so if you…

Do you run Threat Modeling sessions regularly? Do you have any specific method to do that?

Available Methods

There are several methods for doing Threat Modeling. You can read about 12 available methods here. Each of the available methods was created at a particular time for a specific purpose, but today you can use whichever one fits your requirements.

Easy way!

In this article, I’m going to show you a very simple and easy (but effective) method for doing your Threat Modeling. Suppose we are going to threat model an application with just one piece of functionality (User Registration). Here is a simple Data Flow Diagram:

Simple diagram


Hello everybody!

In this blog post, I want to teach you a simple method to easily find Reflected XSS vulnerabilities. We only need Burp Suite Pro with two extensions: “Reflected Parameters” (this extension requires Burp Suite Pro; you can find free alternatives on GitHub) and “XSS Validator”.

1. Open Burp Suite Pro, go to “Extender => BApp Store” and install “Reflected Parameters”.

Reflected Parameters extension

2. In “Extender => BApp Store”, install “XSS Validator”.

Hi everyone,

In this blog post, I want to show you how to find XSS vulnerabilities with the help of sqlmap!

Steps:

1. Find URLs with parameters.

2. Pass the URL with its parameters to sqlmap: sqlmap -u

3. If sqlmap finds any reflected value or potential XSS, it informs you.

4. Verify the XSS vulnerability with your browser (using a list of XSS payloads) or any other tool.

sqlmap example

I hope this will be useful.

Mehdi Esmaeilpour

Application Security Engineer
